
after spybot scan, laptop boot up with black screen


28 replies to this topic

#16 zeotrex (Topic Starter, Members, 21 posts)

Posted 20 June 2018 - 10:52 PM

I can't attach the blue screen photo. The page stops responding after uploading the photo...

Anyway, basically the blue screen says...

A problem has been detected and Windows has been shut down to prevent damage to your computer...

Blah blah blah... the common blue screen message...


Edited by zeotrex, 20 June 2018 - 10:53 PM.




#17 zeotrex (Topic Starter, Members, 21 posts)

Posted 20 June 2018 - 10:54 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Account (administrator) on ACCOUNT-PC (21-06-2018 11:16:49)
Running from G:\
Loaded Profiles: Account (Available Profiles: Account)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Qpost_Pro] => C:\Program Files (x86)\QPostPro\QplusPhoneSeller.exe [2520160 2014-03-03] (Giosis)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [294928 2018-03-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NSCSysTrayUI_XEROX] => C:\Program Files (x86)\XEROX\NetworkScan\NSCSysUI_XEROX.exe [266240 2009-01-13] (XEROX)
HKLM-x32\...\Run: [Qpost_Pro] => C:\Program Files (x86)\QPostPro\QplusPhoneSeller.exe [2520160 2014-03-03] (Giosis)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2162760 2016-07-21] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-19] (Google Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Account\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 0acb8a3543b547d0b5e04149084ca970-8871f940fff3c513c87493a6713fb2facccaf989 --CMPID 0913b
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [hdacc] => C:\Program Files (x86)\JJPlayer\hdacc.exe [339640 2015-02-26] (jjvod.com)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [CBoxService] => C:\Program Files (x86)\CNTV\CBox\CBoxService.exe [439120 2015-03-12] (中国网络电视台CNTV)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: F - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {00b40537-91a3-11e4-86e8-90004ea84083} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {90e2d1bb-4971-11e2-90ea-90004ea84083} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {ac04ea42-69ae-11e2-9100-90004ea84083} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-12-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1881003A-8DF4-456B-A8F0-219FEB742A36}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-sg/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
SearchScopes: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={EA2AEAB2-AA0A-476D-8137-5416E14278F4}&mid=0acb8a3543b547d0b5e04149084ca970-8871f940fff3c513c87493a6713fb2facccaf989&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 22:04:28&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: 0C3B3F11-52BB-6A59-51FC-A435C788255C Class -> {0C3B3F11-52BB-6A59-51FC-A435C788255C} -> C:\Program Files (x86)\ppsaddr\{0C3B3F11-52BB-6A59-51FC-A435C788255C}\AddressBar.dll [2012-12-14] ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll [2016-07-21] (AVG)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-12] (Oracle Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Account\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2017-10-23] (Tencent)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} hxxps://sg.mydlink.com/8D/activeX//camclictrl.cab
DPF: HKLM-x32 {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} hxxps://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Account\AppData\Roaming\Mozilla\Firefox\Profiles\p0erq5ku.default-1437658318989 [2018-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [2015-03-23] (alipay.com)
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliQinTao\1.70.03U\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo.dll [2015-03-23] (alipay.com)
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.1.7 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @itstructures.com/ffactivex -> C:\Program Files (x86)\JJPlayer\npWebPlayer.dll [2015-01-17] (jjvod.com)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\npplugin2.dll [2013-02-22] (PPLive Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3201\npQPMWebGamePlugin.dll [2014-09-29] (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2015-08-16] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2014-08-30] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.30\Bin\npSSOAxCtrlForPTLogin.dll [2015-06-26] (Tencent)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-12-07] (RealPlayer Cloud)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @alipay.com/npalicert -> C:\Windows\system32\config\systemprofile\AppData\Roaming\alipay\cf\npalicdo.dll [No File]
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @1.qq.com/npqqwebgame -> C:\Users\Account\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.9\npqqwebgame.dll [2015-02-03] ( )
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.12.03C\npAliSSOLogin.dll [2018-04-07] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\AliWangWang\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.12.03C\npwangwang.dll [2018-04-07] ( )
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alipay.com/npalicert -> C:\Users\Account\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Account\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-09-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir="
CHR Profile: C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default [2018-06-21]
CHR Extension: (Google Drive) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (支付宝安全插件) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2014-09-13]
CHR Extension: (Skype) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKU\S-1-5-21-2261380125-1226403923-318164010-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AlibabaProtect; C:\Program Files (x86)\AlibabaProtect\1.0.11.753\AlibabaProtect.exe [703416 2018-01-22] (阿里巴巴(中国)软件有限公司)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [304776 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7607288 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-05] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
S2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
S2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
S2 pcas; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe [592856 2015-03-23] (Alipay.com Inc. )
S2 PPTVService; C:\Windows\SysWOW64\PPTVSvc.dll [478032 2013-02-22] (PPTV)
S2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115104 2018-02-28] (Tencent)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-07] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe [594904 2015-03-23] (Alipay.com Inc. )
S2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2015-11-29] (Alibaba (China) Co., LTD. All rights reserved.)
S2 vToolbarUpdater40.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [1309768 2016-07-21] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-07-21] ()
S2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2907024 2018-04-07] (Alibaba Group)
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AliPaladin; C:\Windows\system32\drivers\AliPaladin64.sys [148624 2018-01-03] ()
S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166552 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [221096 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193024 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337344 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51272 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139040 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102720 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2012-12-19] (Samsung Electronics)
S2 ProtectorA; C:\Windows\system32\drivers\ProtectorA.sys [22672 2012-01-11] (www.ISRA.org.cn)
S2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [117984 2018-02-28] (Tencent)
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 11:08 - 2018-06-21 11:08 - 000555240 _____ C:\Windows\Minidump\062118-23914-01.dmp
2018-06-21 07:56 - 2018-06-21 07:56 - 000000000 ____D C:\Windows\system32\config\HiveBackup
2018-06-20 16:02 - 2018-06-20 16:02 - 000555240 _____ C:\Windows\Minidump\062018-24445-01.dmp
2018-06-20 16:01 - 2018-06-21 11:08 - 366430438 _____ C:\Windows\MEMORY.DMP
2018-06-20 01:45 - 2018-06-21 11:16 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 11:15 - 2009-07-14 13:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-21 11:15 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-06-21 11:14 - 2016-02-04 07:02 - 000731216 _____ C:\Windows\ntbtlog.txt
2018-06-21 11:08 - 2018-05-08 19:47 - 000000000 ____D C:\Windows\Minidump
2018-06-21 03:28 - 2016-02-02 22:33 - 000000000 ____D C:\Users\TEMP
2018-06-21 03:28 - 2014-12-11 19:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-21 03:28 - 2014-04-30 22:44 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-06-21 03:28 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
2018-06-21 03:27 - 2018-05-07 17:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-06-21 03:27 - 2018-04-11 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\Program Files\iPod
2018-06-21 03:27 - 2018-04-06 11:42 - 000000000 ____D C:\Program Files\iTunes
2018-06-21 03:27 - 2018-03-05 23:26 - 000000000 ____D C:\ProgramData\Apple Computer
2018-06-21 03:27 - 2018-01-28 22:15 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-06-21 03:27 - 2018-01-28 22:15 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-06-21 03:27 - 2015-08-23 21:15 - 000000000 ____D C:\ProgramData\JJPlayer
2018-06-21 03:27 - 2015-05-06 22:04 - 000000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2018-06-21 03:27 - 2014-07-01 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-06-21 03:27 - 2014-07-01 09:59 - 000000000 ____D C:\Users\Account\AppData\Roaming\TaobaoProtect
2018-06-21 03:27 - 2013-03-16 22:32 - 000000000 ____D C:\Users\Public\Documents\ppstream
2018-06-21 03:27 - 2012-12-30 15:48 - 000000000 ____D C:\Users\Account\AppData\Roaming\PPStream
2018-06-21 03:27 - 2012-12-20 12:52 - 000000000 ____D C:\Program Files (x86)\AliWangWang
2018-06-21 03:27 - 2012-12-19 09:36 - 000000000 ____D C:\ProgramData\QvodPlayer
2018-06-21 03:27 - 2012-12-19 07:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-21 03:27 - 2012-12-19 07:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-21 03:27 - 2012-12-17 14:30 - 000000000 ____D C:\Users\Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-06-21 03:27 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2018-06-21 03:27 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-21 03:23 - 2014-03-12 22:49 - 000000000 ____D C:\ProgramData\Real
2018-06-21 03:22 - 2016-06-05 22:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-21 03:21 - 2012-12-19 07:04 - 000000000 __RHD C:\MSOCache
2018-06-20 16:02 - 2012-12-17 10:38 - 000000000 ____D C:\Users\Account
2018-06-18 09:59 - 2018-05-07 17:56 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking

==================== Files in the root of some directories =======

2014-04-08 15:49 - 2014-06-25 10:55 - 000001078 _____ () C:\Users\Account\AppData\Roaming\base64.cer
2013-11-02 17:15 - 2016-05-26 16:06 - 000000954 _____ () C:\Users\Account\AppData\Roaming\coreavc.ini
2014-08-25 08:57 - 2014-09-13 07:57 - 000000087 _____ () C:\Users\Account\AppData\Roaming\WB.CFG
2012-12-19 08:54 - 2012-12-19 08:54 - 000008049 _____ () C:\Users\Account\AppData\Roaming\XeroxFaxOptions.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-07 19:23

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Account (21-06-2018 11:18:30)
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-17 02:38:30)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Account (S-1-5-21-2261380125-1226403923-318164010-1000 - Administrator - Enabled) => C:\Users\Account
Administrator (S-1-5-21-2261380125-1226403923-318164010-500 - Administrator - Disabled)
Guest (S-1-5-21-2261380125-1226403923-318164010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261380125-1226403923-318164010-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Alipay Cert Component 2.5.0.0 (HKU\.DEFAULT\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
Alipay Cert Component 2.6.0.0 (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\AlipayCert) (Version: 2.6.0.0 - Alipay.com Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{42B0E318-B34E-D828-31E3-1DDEB759BA57}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.2.18 - AVG Technologies)
BOCNET Security Applet 2.1 (HKLM\...\BOCNET Security Applet_is1) (Version:  - Bank of China, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CBox央视影音 (HKLM-x32\...\{07F79EE3-1012-40BF-BEE7-A07EE6C284DC}_is1) (Version: 3.0.3.0 - 中国网络电视台)
ccc-core-static (HKLM-x32\...\{EAEF2F83-E62A-5635-560D-D8DA1E661C89}) (Version: 2011.0124.2249.40874 - ATI) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
CoffeeCup Free HTML Editor (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\CoffeeCup Free HTML Editor) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
ÍøÂçýÌå²¥·ÅÆ÷V3.93°æ (HKLM-x32\...\ÍøÂçýÌå²¥·ÅÆ÷_is1) (Version:  - ±¦ÀöÐÇͨÈí¼þ£¨±±¾©£©ÓÐÏÞ¹«Ë¾)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JJVOD (HKLM-x32\...\JJVOD) (Version: 2.8.0.1 - ©jjvod.com Inc.All Rights Reserved.)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB ODBC Direct v8 SG (HKLM-x32\...\{D612148C-C453-43E3-A3B2-F07064DA6D2C}) (Version: 8.0.7 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v8 SG (HKLM-x32\...\InstallShield_{D612148C-C453-43E3-A3B2-F07064DA6D2C}) (Version: 8.0.7 - MYOB Technology Pty Ltd)
MYOB Premier v12 (HKLM-x32\...\{62BD3DF1-2E84-46CF-B20B-4B8520101AAF}) (Version: 12.4 - MYOB Asia Sdn Bhd) Hidden
MYOB Premier v12 (HKLM-x32\...\InstallShield_{62BD3DF1-2E84-46CF-B20B-4B8520101AAF}) (Version: 12.4 - MYOB Asia Sdn Bhd)
Network Scan (HKLM-x32\...\{9C5725B7-2219-410C-A364-90767F71F00C}) (Version:  - )
Online Plug-in (HKLM-x32\...\{247D1CC0-7A71-4ADB-948F-E8703F0B44FB}) (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version:  - )
ppsAddr (HKLM-x32\...\ppsAddr) (Version: 1.0.0.4 - )
PPSGame V1.0.1.466 (HKLM-x32\...\PPSGame) (Version: 1.0.1.466 - PPStream, Inc.)
PPS影音 V2.7.0.1515 正式版 (HKLM-x32\...\PPStream) (Version: 2.7.0.1515 - PPStream, Inc.)
PPTV V3.3.2.0077 (HKLM-x32\...\PPLive) (Version: 3.3.2 - PPLive Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QPostPro 2.9.11.189 (HKLM-x32\...\QPostPro) (Version: 2.9.11.189 - Giosis)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC) (Version: 1.0.1.7 - CFCA)
Self-service Plug-in (HKLM-x32\...\{C787BD95-A1B0-40DF-864F-E75182E828AC}) (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1) (HKLM\...\03A1C6133CBCFD1D944CAC45762E2EC5CD524136) (Version: 08/04/2011 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Xerox WorkCentre 3210 (HKLM-x32\...\Xerox WorkCentre 3210) (Version:  - )
影视搜索 (HKLM-x32\...\影视搜索) (Version: 1.0.0 - Shenzhen Qvod Technology Co.,Ltd)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)
快播 5.20.238 (HKLM-x32\...\QvodPlayer) (Version: 5.20.238 - Shenzhen Qvod Technology Co.,Ltd)
支付宝安全控件 5.3.0.3807 (HKLM-x32\...\alieditplus) (Version: 5.3.0.3807 - Alipay.com Co., Ltd.)
网络媒体播放器V3.93版 (HKLM-x32\...\网络媒体播放器_is1) (Version:  - 宝丽星通软件(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 5.5.11447.0 - 腾讯科技(深圳)有限公司)
阿里旺旺 (HKLM-x32\...\阿里旺旺) (Version: 9.12.03C - 阿里巴巴(中国)有限公司)
阿里旺旺2012正式版SP2 (HKLM-x32\...\AliTalk) (Version:  - 阿里巴巴(中国)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2261380125-1226403923-318164010-1000_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\Account\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
CustomCLSID: HKU\S-1-5-21-2261380125-1226403923-318164010-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\9.12.03C\AliIMX_64.dll (Alibaba software (Shanghai) Corporation.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1-x32: [OpenFolder] -> {0DE1378D-F811-40E6-B60A-1CC56F57D3E9} => C:\Program Files (x86)\AliWangWang\AliIMExt.dll [2012-08-30] (Alibaba software (Shanghai) Corporation.)
ContextMenuHandlers1-x32: [QvodMenu] -> {9F44453E-1E46-4D5C-B57C-112FF2EDAE82} => C:\Program Files (x86)\QvodPlayer\QvodBand_x64.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
ContextMenuHandlers1-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers1-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers1-x32: [{4C5A0DA6-C2DA-422D-89E1-457978AB87B5}] -> {4C5A0DA6-C2DA-422D-89E1-457978AB87B5} => C:\Windows\system32\kindling.dll [2013-02-22] ()
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files (x86)\Tencent\QQ\ShellExt\QQShellExt64.dll [2015-08-16] (Tencent)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-12-07] (RealNetworks, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-01-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files (x86)\Tencent\QQ\ShellExt\QQShellExt64.dll [2015-08-16] (Tencent)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DB9AA91-7A9A-45CF-B013-C55B5E96D606} - System32\Tasks\{057D96D2-8168-4058-BDC9-4B962353B2B4} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Novasoft\vodplayer\VODPlayer.exe"
Task: {226F53A5-4780-46E5-A3F7-A6B927CC793B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {24F81D6F-C71F-43D4-8CC1-09F46B03D9BB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2592E5CA-75C4-4907-A73E-3000DA78BEF6} - System32\Tasks\WSE_Astromenda => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2ACFD265-38E7-4E24-B511-A57BCD4B69B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {376F0E01-72DA-4823-9495-DFB27E386B89} - System32\Tasks\AliUpdater{05604BC3-3FE6-4893-92F9-6C5B1D7AEDC3} => C:\Program Files (x86)\AliWangWang\AliTask.exe [2018-04-07] (Alibaba software (Shanghai) Corporation.)
Task: {3CEF5C8C-28D2-4412-B168-44361E1F47D8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-11] (AVG Technologies CZ, s.r.o.)
Task: {4B64FA0E-F10D-4722-8D85-B247CB41839A} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {4BFE5130-9082-4CBC-AC93-A7E33068BECA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {5DADECEB-6443-46D1-9BC2-612F0D9402F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6551AC81-E981-4ECA-BCC1-925C98BB3177} - System32\Tasks\Boot Trigger ICBC Task => C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe
Task: {678ADBBE-B43E-4CCE-BC68-ED54A2756E42} - System32\Tasks\AVG-SSU_0616tb => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe [2016-06-21] ()
Task: {6B181AB8-F540-4321-AB63-0892DC08BBB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {73E3241E-737C-4B8B-817E-E8978D94BD3F} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {820E7862-A3C9-430D-AF32-67C99B3EC3AA} - System32\Tasks\{A7284660-08DD-4A91-B333-0E3DC75CFF22} => C:\Windows\system32\pcalua.exe -a "C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HAGM96K\vodplayer.exe" -d C:\Users\Account\Desktop
Task: {8C75C3E7-CFAE-4F3E-A1CA-1AD955F6B0D8} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {8E5B50B7-CE08-4B6A-B967-6AF231E5562B} - System32\Tasks\{3CAE6C31-7C03-4741-9068-D308EB1C2BCD} => C:\Windows\system32\pcalua.exe -a D:\G470\Chipset-IN1CHP36WW5.exe -d D:\G470
Task: {92440F9F-17FA-47D3-B5A8-5D3B8C20F660} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {924AE952-0077-4D32-8774-E614493EF962} - System32\Tasks\AVG-SSU_0616tb_DELETE => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe [2016-06-21] ()
Task: {996BEB92-BE4C-440B-B334-E0D5A445F875} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {A1105825-06CE-4196-B8F8-43C9C8B66F28} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {AC8222F7-E3C7-42C9-963B-4DA90A9A8200} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {B470399E-6998-4069-B160-BAA03421AC68} - System32\Tasks\{D04A93A9-EE8B-4D28-924E-C77022B119A8} => C:\Windows\system32\pcalua.exe -a D:\G470\VideoIN2VDO68WW6.exe -d D:\G470
Task: {B723E6F6-72DF-42F6-8FD3-8BDF59D8CB3F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {BEDBA3FA-9198-4E28-A27B-38A42256256C} - System32\Tasks\{8E5AB7CD-5264-4414-A23A-7A5094AEA9C3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Account\Downloads\winxp q323172.exe" -d C:\Users\Account\Downloads
Task: {C74B4655-E010-479F-8D09-30833481CF23} - System32\Tasks\0116tbUpdateInfo => C:\ProgramData\Avg_Update_0116tb\0116tb_{ABFCC42C-FA80-4897-B891-15A58964CA32}.exe [2016-02-04] ()
Task: {CB763F1A-E1CD-47FC-AC9F-16EA5CBE8E4F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-05] (Dropbox, Inc.)
Task: {CFCB9DBC-E716-424D-977A-ECAA4DB82E90} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-05] (Dropbox, Inc.)
Task: {DFBF8D04-6A45-4A9D-8127-088D9D15A349} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
Task: {E246E8CB-8371-4356-9A07-AC0DB7FCE2D4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {EC6667BC-BC29-41C0-80D3-4037ACEE262F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {EE32CE7E-CC53-41D3-962D-1970E8B43D68} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {F05D1D42-D608-4D91-8E21-20C1909F5EFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {F89C1FB9-0F65-4900-A0AC-5E557320E354} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0116tbUpdateInfo.job => C:\ProgramData\Avg_Update_0116tb\0116tb_{ABFCC42C-FA80-4897-B891-15A58964CA32}.exe
Task: C:\Windows\Tasks\AliUpdater{05604BC3-3FE6-4893-92F9-6C5B1D7AEDC3}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\Windows\Tasks\AVG-SSU_0616tb.job => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe
Task: C:\Windows\Tasks\AVG-SSU_0616tb_DELETE.job => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHSYSTEMH此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\Windows\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeSYSTEMZ此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\Windows\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeSYSTEMC此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Account\Downloads\2014噶舉祈願法會 點燈祈願文 17世大寶法王 王菲獻唱 HQ版.mp4:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\bankofchina.com -> hxxp://www.bankofchina.com
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\boc.cn -> hxxps://ebs.boc.cn
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\icbc.com.cn -> hxxps://icbc.com.cn

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2018-04-06 11:45 - 000000901 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2261380125-1226403923-318164010-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: CBoxService => C:\Program Files (x86)\CNTV\CBox\CBoxService.exe
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\PPSKernel.exe
MSCONFIG\startupreg: QvodTerminal => "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB6E3A10-7202-45FF-A47B-6B3B91EDC110}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{02DBF7AE-E4DE-4367-9B37-A89799096526}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8EF9088C-4889-4619-8B6E-6202BC11242D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C4E04991-D621-4173-846B-82EEC926033A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{1673A0F9-EC7A-4622-B15F-9B38C7F241D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{256E018E-CCE1-460F-A882-DF1595A26014}] => (Allow) C:\Windows\twain_32\Xerox\WC3210\Sscan2io.exe
FirewallRules: [{19FA3DAD-BD9C-4CF8-AA92-FE74F166E8AC}] => (Allow) C:\Windows\twain_32\Xerox\WC3210\Sscan2io.exe
FirewallRules: [TCP Query User{E39E24EF-9C62-44D5-A8DC-4E072D9380D7}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [UDP Query User{9DAA3940-1894-4C0D-B0E0-6E738F47C3AF}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [{A73CFFFE-AE44-4E42-86C0-3958D117AEAA}] => (Allow) C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH0Q6J4G\QvodSetup5.exe
FirewallRules: [{DA3ABF99-5921-4E3E-A843-CB7CA8341CBA}] => (Allow) C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH0Q6J4G\QvodSetup5.exe
FirewallRules: [TCP Query User{7ABBE3B6-B309-4BCC-AA6A-14BC9DD45DCE}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [UDP Query User{AB10C093-6DCF-4665-BD0E-127E47880DAD}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [TCP Query User{5B4BAA0D-BC3D-4C94-8358-57E8669C1C06}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{1020185B-21C1-4A96-B360-1C0EDE11D9E7}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [TCP Query User{5BB23285-DFDB-4DB5-A76E-625038226E21}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{02FC0129-27F9-49EC-A3B6-B53EDB48F5BA}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{4FB09545-BBC2-4D65-86AD-8E7C0C63DDD1}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [UDP Query User{5DE233A4-B721-48A3-8B6C-FC19F0221BB9}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [TCP Query User{8AE05611-33E4-4CF4-83FA-9F0AEF7A4397}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{5BFCB62B-181B-47E9-BFBA-D4943F409FC0}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{A348EF1B-6BBB-4142-A94D-9471C5F98242}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{D05EF55D-2FC4-43AB-9637-6AF8E7975976}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{85D627C4-EC67-48FC-B655-0C161DAD9895}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [UDP Query User{DEC26553-8B98-4964-8369-37ACCDC3C1A8}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [{9F25270E-F31D-4792-B213-834232BBFE7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9B516A25-8370-41E9-AAE6-1C743C5093F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{EB027DDF-C7B0-415A-BCAB-425C0F92BD8E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0FF1C045-81B9-46DB-83BF-FBBBE4828A16}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{E4F9FEA7-74F8-4239-99BF-16741B1C9821}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{72E55604-6886-46C4-8A2D-185326FA81D7}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{20723F6D-E420-4DBE-882A-598B8DE4EF2F}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{F026F987-0D33-41D5-A36B-E867333FB60C}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{857291D8-E34E-4420-ABC1-4FE7B91ED828}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{68BA5341-D9C0-4532-AE58-A59F90D56F15}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{D503E695-A9A2-4A79-95F0-F9D6F02C7D73}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{534E7A97-505E-46CA-AB7C-F2121E09EA65}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{59BC75B9-52C2-4EE6-BA00-7A5908787552}] => (Allow) D:\PPS.tv\PPSGame\updater.exe
FirewallRules: [{02E70945-2994-4F11-97E3-22F07AF2F1DD}] => (Allow) D:\PPS.tv\PPSGame\updater.exe
FirewallRules: [TCP Query User{78B9BFCC-36AA-498D-94BB-3518D8F595EA}D:\pps.tv\ppstream\ppskernel.exe] => (Block) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [TCP Query User{339CE309-D0F3-48F4-B446-494D58F4270D}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{2F743225-0E89-4831-93F4-66BD71DDBD90}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [{E2D9AFCE-9DB9-4517-AF7E-A46170385632}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{78BDA1D4-407D-40E0-872E-FF5D7461F5D0}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{9AEE5A45-CC0F-4339-ACCC-67BC4DE8F94B}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{E57BC01E-3CDE-4C56-8376-998EFA4B4525}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{5A157E3A-8F86-4A92-9605-033E254CBA18}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{E6F54B57-8C55-445C-A927-C0FA83341525}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\PPLiveU.exe
FirewallRules: [{4F97B66C-244E-486C-AB74-D8FDDA57440C}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\PPLiveU.exe
FirewallRules: [{E8A66B64-65DF-4D9B-A8DC-C0910E246A38}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\RepairSetup.exe
FirewallRules: [{30ADD2BF-73AD-47F7-ACD3-66C771BE0BE6}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\RepairSetup.exe
FirewallRules: [{72B489D0-9CC9-4FF3-B1B9-7B3B1939FA32}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\crashreporter.exe
FirewallRules: [{D7757E44-5289-4337-883E-B85A69C738CF}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\crashreporter.exe
FirewallRules: [{1A0A6505-3686-484C-B420-A811901DBA6F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{F13A1D57-57C9-4B81-9A0B-7177770E0C2F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{07E79EFD-152C-4FE3-8FA1-B6F3741080B0}] => (Allow) C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
FirewallRules: [{8BF59435-BDD4-459C-A447-E5514EF208C2}] => (Allow) C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
FirewallRules: [{24A10776-01B7-421A-AF2C-89F6FE3BEBC0}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\PluginInstaller.exe
FirewallRules: [{E68DAB9C-82CA-4E66-A22C-6F5AF8839660}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\PluginInstaller.exe
FirewallRules: [TCP Query User{D5F4655E-4506-4FE4-8A59-75FCC14F63B2}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [UDP Query User{0C274FA0-08AB-4879-B225-BB358B0801CB}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [{1D85F381-2823-46AE-AA55-B8BE7086C738}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3B82B452-934B-46A8-B8E7-F8C1B208EC52}] => (Allow) LPort=2869
FirewallRules: [{AEB30D98-F0CE-4BED-BE02-7AF3D68C2326}] => (Allow) LPort=1900
FirewallRules: [{2918298C-F99D-46DD-95F8-3D8AC2C4BAC1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{54C70AF5-647A-4579-88BA-305271024B1B}C:\users\account\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\account\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{512F2DFB-5509-47EB-B574-A908F2C0D36B}C:\users\account\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\account\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E84B73AB-C6B3-46AC-90AA-98321ADE3449}] => (Allow) C:\Users\Account\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe
FirewallRules: [{EABB19E3-C258-4571-9423-9C630DE1C683}] => (Allow) C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe
FirewallRules: [{7880AA0B-1A88-456D-BEA5-D6C24040CD8A}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{13E7E3EA-BDE2-4D80-885B-B5C52EEC0DDF}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{0AA683F5-BD02-4005-BCE4-1AFD8593696E}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\txupd.exe
FirewallRules: [{CE6734CA-8E84-4505-8CC4-56A939E36A46}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\SetupEx\SetupEx.exe
FirewallRules: [{F992A82F-4045-476B-B207-9D2526C4E0A1}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{AB8655C0-2AB4-4E72-A38F-0D83DE8BF200}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [{D8F39B18-F2FC-4B69-9548-7886AFDE28D6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [{F0969E49-CA70-428F-9C68-E0F5E2990F5E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{3421567B-1FC4-4DCD-9DD8-3D521323B324}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{A209754B-0E0E-45E3-A824-F10F2B87A17A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{EDECEB2A-F2DF-49AB-B131-B8148489AA40}] => (Allow) C:\Users\Account\AppData\Roaming\Tencent\QQ\STemp\BackupDLTmp\Download\MiniQTUpdate.exe
FirewallRules: [{B5AC7912-820B-4487-921D-FF48363BD8F8}] => (Allow) C:\Users\Account\AppData\Roaming\Tencent\QQ\STemp\BackupDLTmp\Download\MiniQTUpdate.exe
FirewallRules: [{807C1A11-E619-4B44-ADD5-F5EDF92E2D81}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\56\qqminidl.exe
FirewallRules: [{F2B4163B-4EA0-479C-ADAA-B09202C4EBCE}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\56\QQGameUpUI.exe
FirewallRules: [{7C42BF0C-9C89-4CA3-B544-267B3AD5FE01}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\56\QQMiniDLUI.exe
FirewallRules: [{181840C9-AE07-4B62-9A17-18A28C15A19A}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{82C1697C-FBBA-49D5-8F85-032466CB69CF}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [TCP Query User{7936F343-AB96-422F-B67B-3425C03DBA44}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{C0A432B8-DE9D-4955-9B2B-F1C34F351CE2}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{8C33C280-9D7E-4FB2-807E-E64EFAC40170}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3291ABFC-FE01-4DB4-8CCB-EE7D9631C0A5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DAF318C2-9C51-45BD-AE85-999615EE74C8}C:\program files (x86)\qvodplayer\qvodiosdown.exe] => (Block) C:\program files (x86)\qvodplayer\qvodiosdown.exe
FirewallRules: [UDP Query User{855372C2-22F3-4459-BBDE-904A91A2A28E}C:\program files (x86)\qvodplayer\qvodiosdown.exe] => (Block) C:\program files (x86)\qvodplayer\qvodiosdown.exe
FirewallRules: [{19B7AF09-315C-4853-9DB4-98F50E6CDB4B}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{8E3EE6B9-9E56-4A6F-B952-D3676A204E2B}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{709D5AB2-1AB2-411F-B032-318FDC793771}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [{28826F20-86CD-4323-9C37-8CAE936F9795}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{BF80D785-411E-49B6-9B6F-1D1A41CC744F}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{4BE6E1F7-FDB5-46C1-868B-7A548D460326}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [{6161DC5E-73EF-49F6-B10A-69597F46E38F}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [TCP Query User{F1C36FBF-7B23-4122-8EC1-D9A600AAABFB}C:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe] => (Allow) C:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe
FirewallRules: [UDP Query User{4D2031E5-31FA-41AE-A785-FAAACA36CBF0}C:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe] => (Allow) C:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe
FirewallRules: [{20A7525F-EE99-47E0-9673-1D0C892455AD}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{764E3BFA-51BF-411B-98EE-5BF32DA6A424}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{2D321C92-D967-47DD-AB72-28BE7C51FD15}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{D8BC3395-C5BA-4637-849A-5C356C9CAB6C}] => (Allow) C:\Program Files (x86)\Tencent\QZoneMusic\2015.1.1.22.25.38\QzoneMusic.exe
FirewallRules: [{E08ABBC8-56D8-41EB-94C2-F0E743471D77}] => (Allow) C:\Users\Account\AppData\Local\Temp\QQPCDetector.exe
FirewallRules: [{EA1E68E7-54A6-4BBF-BBBE-954CC26CA8DE}] => (Allow) C:\Users\Account\AppData\Local\Temp\QQPCDetector.exe
FirewallRules: [{4E755B44-8E4A-4F47-87D4-12D938134F5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B787DE67-E76D-48E6-BB71-36E425D8BB19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9DF4525-1759-4470-B0D4-8686F9F5DD10}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [{F61BD619-A963-4BD9-8A86-A217F7E3E5AB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{CFFFBDB8-0C21-424C-845E-1D6974A073C2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [{AC8138EC-EEB4-4D97-8900-00D4EE89D7E4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{97762779-3517-47BA-B17E-AD8B05B57948}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{27617491-9BB3-47E1-B5A7-2F0D7965F4C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9F96B958-DD45-464E-804B-CEF442647B14}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{06B29392-8623-469C-8B61-52063A12C29F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [TCP Query User{AA37BE4E-8D07-459B-9E09-FB14A95E11B6}C:\program files (x86)\qvodplayer\qvoddaily.exe] => (Block) C:\program files (x86)\qvodplayer\qvoddaily.exe
FirewallRules: [UDP Query User{31AA30EC-F222-44A2-8E59-DFDE9749CFAA}C:\program files (x86)\qvodplayer\qvoddaily.exe] => (Block) C:\program files (x86)\qvodplayer\qvoddaily.exe
FirewallRules: [TCP Query User{C74432BC-FC51-4B81-AECC-D22A1782E381}C:\program files (x86)\jjplayer\hdacc.exe] => (Allow) C:\program files (x86)\jjplayer\hdacc.exe
FirewallRules: [UDP Query User{D7F72B01-8D4D-40F0-B564-506A118DAAA0}C:\program files (x86)\jjplayer\hdacc.exe] => (Allow) C:\program files (x86)\jjplayer\hdacc.exe
FirewallRules: [TCP Query User{17AC32C1-78E8-4AFB-8C17-E55943ABCD12}C:\program files (x86)\jjplayer\hdacc.exe] => (Block) C:\program files (x86)\jjplayer\hdacc.exe
FirewallRules: [UDP Query User{F20DFE15-2942-4B50-947B-1655A2B4ABE0}C:\program files (x86)\jjplayer\hdacc.exe] => (Block) C:\program files (x86)\jjplayer\hdacc.exe
FirewallRules: [{16F5FA7B-A650-4198-89DF-6A352C5BA86A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9FA357BA-4CC1-42CC-BE41-023F6F1DC994}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{08C38114-C80B-4830-8E92-FB7333BFCAB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B0A9341-29B3-418C-A2CE-E3AB996B3ECE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ECB5F7B8-670D-4BCE-89AF-B53B0859AA3C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{C653EDD3-5C93-4D8A-8B8F-C1F050395F55}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{CEC3BFCD-16DA-47EF-97CC-543CFC4AB4F5}C:\program files (x86)\cntv\cbox\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\cbox.exe
FirewallRules: [UDP Query User{37EAF803-1713-4C4E-A9EE-41C2EC41E2EE}C:\program files (x86)\cntv\cbox\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\cbox.exe
FirewallRules: [{B7242E5E-E7B8-4774-8744-CFA7CA779A16}] => (Allow) C:\Windows\system32\config\systemprofile\AppData\Roaming\WIN10CHECK0512.EXE
FirewallRules: [{9087B2C8-2B8D-4164-9B9B-6F27E76F8C7E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C7002AE2-29EF-4372-BEDC-0D489FD83ED0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{EC6D8938-3FB6-4012-A270-1F5D171B35AF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D8711FE8-E235-4E14-B9DD-38A7F0954903}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A27683A1-DE18-43B2-8ACF-0AD924C2029F}] => (Allow) %ProgramFiles% (x86)\Citrix\Receiver\Receiver.exe
FirewallRules: [{C14A2510-C4B3-4953-B745-3550B76EFC84}] => (Allow) %ProgramFiles% (x86)\Citrix\Receiver\Receiver.exe
FirewallRules: [{6AACCE55-7B86-4956-B98A-247494371031}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{76D43705-4DA6-419A-B3AD-8DE3D239322D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{048F71A6-6FD3-401C-A07F-54D00B9E6745}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EDC39C0A-8C8F-4BF1-B86A-357FD13D8145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D359353-69F3-4142-9668-86AE220655D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8AADFF0F-BD65-42F4-9A12-47468B40F0E8}] => (Allow) C:\Program Files (x86)\AlibabaProtect\1.0.11.753\AlibabaProtect.exe
FirewallRules: [{7E2458F8-F05B-4DF5-80F5-EA147C8F61CD}] => (Allow) C:\Program Files (x86)\AlibabaProtect\1.0.11.753\AlibabaProtect.exe
FirewallRules: [{C82D1E57-0286-4243-B9E4-249885B000BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{620D8955-C551-4E5E-A6DD-4A29FDDC5A7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{614C158B-C045-4486-85BE-D9D3F922D25C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

12-04-2018 10:05:03 Windows Update
07-05-2018 19:30:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Redmi
Description: Redmi
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avgRvrt
Description: avgRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avgVmm
Description: avgVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2018 11:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: msi.dll, version: 5.0.7601.24052, time stamp: 0x5a74ab67
Exception code: 0xc0000005
Fault offset: 0x00000000001c2c56
Faulting process id: 0x588
Faulting application start time: 0x01d4090d399f5bbf
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\msi.dll
Report Id: d7866793-7500-11e8-b716-f67f8a99e16b

Error: (06/21/2018 11:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/20/2018 04:04:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/08/2018 07:42:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2018 07:42:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 75835658

Error: (05/08/2018 07:42:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 75835658

Error: (05/08/2018 07:42:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2018 07:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4446


System errors:
=============
Error: (06/21/2018 11:14:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/21/2018 11:14:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/21/2018 11:14:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/21/2018 11:09:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/21/2018 11:09:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/21/2018 11:09:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/21/2018 11:09:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/21/2018 11:09:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 11%
Total physical RAM: 8173.86 MB
Available physical RAM: 7253.97 MB
Total Virtual: 16345.89 MB
Available Virtual: 15487.71 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:307.91 GB) (Free:133.96 GB) NTFS
Drive d: (Storage) (Fixed) (Total:390.62 GB) (Free:382.78 GB) NTFS
Drive f: (OPPO DRIVER) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32

\\?\Volume{60178b45-4877-11e2-b169-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 07D4C1E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#18 zeotrex

zeotrex
  • Topic Starter


Posted 20 June 2018 - 10:56 PM

By the way, originally there were 3 restore points... One of the Windows critical update restore points was deleted automatically after failing to restore.



#19 polskamachina

polskamachina

  • Malware Response Team

Posted 21 June 2018 - 01:02 AM

Hi zeotrex :)

 

I will address your monitor issues once we get the computer booting normally. By the way, do you ever see any light coming from the monitor no matter how faint it may be?

 

Next:

  • Boot to Safe mode with networking or Normal mode if you are able
  • Highlight the text below in its entirety and then press Ctrl-C to copy it:
Start::
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Task: {2592E5CA-75C4-4907-A73E-3000DA78BEF6} - System32\Tasks\WSE_Astromenda => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E246E8CB-8371-4356-9A07-AC0DB7FCE2D4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {EE32CE7E-CC53-41D3-962D-1970E8B43D68} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End::
  • Run FRST64
  • Click Fix
  • Upon completion of the Fix if you are asked to restart your computer, allow it to restart
  • Fixlog.txt will be written into the same folder where FRST64 is located
  • Please copy and paste Fixlog.txt into your next reply to me

Now it's time to remove Spybot S&D. Use ONLY the directions below to remove it.

 

Note: Revo Uninstaller does a more thorough job deleting programs on your computer than using the Programs and Features option in Windows. Since it is a more powerful tool, please be sure to follow these instructions VERY carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of your installed programs double click on Spybot - Search & Destroy
  • When prompted if you want to uninstall it, click Yes (even if the Spybot - Search & Destroy uninstaller fails, please continue with the rest of these directions)
  • Be sure the Advanced option is selected then click Next
  • The program will run. If prompted again, click Yes
  • Note this important step: Before Revo removes the remnants of the program, the original program's uninstaller will run and will prompt you that the process is complete. Then it may ask you to restart your computer. DO NOT RESTART YOUR COMPUTER AT THIS TIME. Click cancel on the restart option and then continue with Revo's uninstallation process.
  • Once the program has searched for leftovers click Next
  • Check the box for Select All and then click Delete and accept the prompt that asks if you want to delete the selections
  • When prompted click on Yes and then on Next
  • Repeat the above 3 steps until the uninstall completes
  • Once done click Finish
  • Restart your computer after Revo has finished with the uninstall
  • Let me know if your computer now boots cleanly without the blue screen and into Normal mode

Next:

  • Run FRST64 again
  • Click on Scan
  • Copy and paste the log results, FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • Does your monitor ever light up at all?
  • Fixlog.txt
  • Results of removing Spybot - Search & Destroy
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

polskamachina



#20 zeotrex

zeotrex
  • Topic Starter


Posted 21 June 2018 - 01:44 AM

 

Hi zeotrex :)

 

I will address your monitor issues once we get the computer booting normally. By the way, do you ever see any light coming from the monitor no matter how faint it may be?

 

Next:

  • Boot to Safe mode with networking or Normal mode if you are able
  • Highlight the text below in its entirety and then press Ctrl-C to copy it:
Start::
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Task: {2592E5CA-75C4-4907-A73E-3000DA78BEF6} - System32\Tasks\WSE_Astromenda => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E246E8CB-8371-4356-9A07-AC0DB7FCE2D4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {EE32CE7E-CC53-41D3-962D-1970E8B43D68} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End::
  • Run FRST64
  • Click Fix

Where do I need to copy the script to? You said press Ctrl-C, then press Fix on frst.exe... But where do I paste the script? Am I missing anything?



#21 zeotrex

zeotrex
  • Topic Starter


Posted 21 June 2018 - 02:58 AM

I think I got it...

I just opened this web page on the crashed Safe Mode Windows. Instead of creating the fixlist like earlier, I just Ctrl-C'd the script onto the clipboard; running the frst.exe fix will detect the script automatically...

I did that... it seems the fix failed. Below is the fixlog.

Some answers:

1. The laptop's LCD is fully black.

2. After the fix, nothing changed. Seems like the fix failed. Windows starts normally and fails with a blue screen.

3. I ran Revo. The uninstallation failed. So I clicked Advanced, selected all the reg keys and deleted them, then on the next screen selected all the leftover files and deleted all.

This round of fixes was not fruitful.



#22 zeotrex

zeotrex
  • Topic Starter


Posted 21 June 2018 - 03:02 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Account (21-06-2018 15:09:27) Run:2
Running from G:\
Loaded Profiles: Account (Available Profiles: Account)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Task: {2592E5CA-75C4-4907-A73E-3000DA78BEF6} - System32\Tasks\WSE_Astromenda => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E246E8CB-8371-4356-9A07-AC0DB7FCE2D4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {EE32CE7E-CC53-41D3-962D-1970E8B43D68} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Account\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2592E5CA-75C4-4907-A73E-3000DA78BEF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2592E5CA-75C4-4907-A73E-3000DA78BEF6}" => removed successfully
C:\Windows\System32\Tasks\WSE_Astromenda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E246E8CB-8371-4356-9A07-AC0DB7FCE2D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E246E8CB-8371-4356-9A07-AC0DB7FCE2D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE32CE7E-CC53-41D3-962D-1970E8B43D68}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE32CE7E-CC53-41D3-962D-1970E8B43D68}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => removed successfully
C:\Windows\Tasks\WSE_Astromenda.job => moved successfully


The system needed a reboot.

==== End of Fixlog 15:09:27 ====



#23 zeotrex

zeotrex
  • Topic Starter


Posted 21 June 2018 - 03:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Account (administrator) on ACCOUNT-PC (21-06-2018 15:58:00)
Running from G:\
Loaded Profiles: Account (Available Profiles: Account)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Qpost_Pro] => C:\Program Files (x86)\QPostPro\QplusPhoneSeller.exe [2520160 2014-03-03] (Giosis)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [294928 2018-03-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NSCSysTrayUI_XEROX] => C:\Program Files (x86)\XEROX\NetworkScan\NSCSysUI_XEROX.exe [266240 2009-01-13] (XEROX)
HKLM-x32\...\Run: [Qpost_Pro] => C:\Program Files (x86)\QPostPro\QplusPhoneSeller.exe [2520160 2014-03-03] (Giosis)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2162760 2016-07-21] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-09] (Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-19] (Google Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Account\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 0acb8a3543b547d0b5e04149084ca970-8871f940fff3c513c87493a6713fb2facccaf989 --CMPID 0913b
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [hdacc] => C:\Program Files (x86)\JJPlayer\hdacc.exe [339640 2015-02-26] (jjvod.com)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\Run: [CBoxService] => C:\Program Files (x86)\CNTV\CBox\CBoxService.exe [439120 2015-03-12] (中国网络电视台CNTV)
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: F - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {00b40537-91a3-11e4-86e8-90004ea84083} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {90e2d1bb-4971-11e2-90ea-90004ea84083} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\MountPoints2: {ac04ea42-69ae-11e2-9100-90004ea84083} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [3682168 2013-01-23] (PPStream Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-12-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1881003A-8DF4-456B-A8F0-219FEB742A36}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2261380125-1226403923-318164010-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-sg/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
SearchScopes: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={EA2AEAB2-AA0A-476D-8137-5416E14278F4}&mid=0acb8a3543b547d0b5e04149084ca970-8871f940fff3c513c87493a6713fb2facccaf989&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 22:04:28&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: 0C3B3F11-52BB-6A59-51FC-A435C788255C Class -> {0C3B3F11-52BB-6A59-51FC-A435C788255C} -> C:\Program Files (x86)\ppsaddr\{0C3B3F11-52BB-6A59-51FC-A435C788255C}\AddressBar.dll [2012-12-14] ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll [2016-07-21] (AVG)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-12] (Oracle Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Account\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2017-10-23] (Tencent)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2261380125-1226403923-318164010-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} hxxps://sg.mydlink.com/8D/activeX//camclictrl.cab
DPF: HKLM-x32 {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} hxxps://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Account\AppData\Roaming\Mozilla\Firefox\Profiles\p0erq5ku.default-1437658318989 [2018-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [2015-03-23] (alipay.com)
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliQinTao\1.70.03U\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo.dll [2015-03-23] (alipay.com)
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.1.7 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @itstructures.com/ffactivex -> C:\Program Files (x86)\JJPlayer\npWebPlayer.dll [2015-01-17] (jjvod.com)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\npplugin2.dll [2013-02-22] (PPLive Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3201\npQPMWebGamePlugin.dll [2014-09-29] (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2015-08-16] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2014-08-30] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.30\Bin\npSSOAxCtrlForPTLogin.dll [2015-06-26] (Tencent)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-12-07] (RealPlayer Cloud)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @alipay.com/npalicert -> C:\Windows\system32\config\systemprofile\AppData\Roaming\alipay\cf\npalicdo.dll [No File]
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @1.qq.com/npqqwebgame -> C:\Users\Account\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.9\npqqwebgame.dll [2015-02-03] ( )
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.12.03C\npAliSSOLogin.dll [2018-04-07] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\AliWangWang\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.12.03C\npwangwang.dll [2018-04-07] ( )
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @alipay.com/npalicert -> C:\Users\Account\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Account\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-09-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2261380125-1226403923-318164010-1000: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytDyDzzyDyC0D0AyE0BtAtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzzyDyE0ByEtG0AyB0F0DtGzz0B0FtAtGyDyE0E0FtGtCtByE0DtD0AtAtB0F0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0F0B0AyEyEtG0AzzyD0BtGyByEtA0CtGzzyEyDtAtGyCyD0EtDtCyDzzzytCtCzy0F2Q&cr=1650011702&ir="
CHR Profile: C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default [2018-06-21]
CHR Extension: (Google Drive) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (支付宝安全插件) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2014-09-13]
CHR Extension: (Skype) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKU\S-1-5-21-2261380125-1226403923-318164010-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AlibabaProtect; C:\Program Files (x86)\AlibabaProtect\1.0.11.753\AlibabaProtect.exe [703416 2018-01-22] (阿里巴巴(中国)软件有限公司)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [304776 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7607288 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-05] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
S2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
S2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
S2 pcas; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe [592856 2015-03-23] (Alipay.com Inc. )
S2 PPTVService; C:\Windows\SysWOW64\PPTVSvc.dll [478032 2013-02-22] (PPTV)
S2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115104 2018-02-28] (Tencent)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-07] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe [594904 2015-03-23] (Alipay.com Inc. )
S2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2015-11-29] (Alibaba (China) Co., LTD. All rights reserved.)
S2 vToolbarUpdater40.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [1309768 2016-07-21] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-07-21] ()
S2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2907024 2018-04-07] (Alibaba Group)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AliPaladin; C:\Windows\system32\drivers\AliPaladin64.sys [148624 2018-01-03] ()
S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166552 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [221096 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193024 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337344 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51272 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139040 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102720 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-03-14] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-03-14] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-03-14] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2012-12-19] (Samsung Electronics)
S2 ProtectorA; C:\Windows\system32\drivers\ProtectorA.sys [22672 2012-01-11] (www.ISRA.org.cn)
S2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [117984 2018-02-28] (Tencent)
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 15:41 - 2018-06-21 15:41 - 000555240 _____ C:\Windows\Minidump\062118-21637-01.dmp
2018-06-21 15:34 - 2018-06-21 15:34 - 400948112 _____ C:\Users\Account\Desktop\210618-1.reg
2018-06-21 15:24 - 2018-06-21 15:24 - 000000999 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-06-21 15:24 - 2018-06-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-06-21 15:24 - 2018-06-21 15:24 - 000000000 ____D C:\Program Files\VS Revo Group
2018-06-21 15:16 - 2018-06-21 15:16 - 000555240 _____ C:\Windows\Minidump\062118-19890-01.dmp
2018-06-21 14:37 - 2018-06-21 14:37 - 000555240 _____ C:\Windows\Minidump\062118-20404-01.dmp
2018-06-21 13:05 - 2018-06-21 13:05 - 000555240 _____ C:\Windows\Minidump\062118-24351-01.dmp
2018-06-21 12:30 - 2018-06-21 12:40 - 000001908 _____ C:\Windows\diagwrn.xml
2018-06-21 12:30 - 2018-06-21 12:40 - 000001908 _____ C:\Windows\diagerr.xml
2018-06-21 11:08 - 2018-06-21 11:08 - 000555240 _____ C:\Windows\Minidump\062118-23914-01.dmp
2018-06-21 07:56 - 2018-06-21 07:56 - 000000000 ____D C:\Windows\system32\config\HiveBackup
2018-06-20 16:02 - 2018-06-20 16:02 - 000555240 _____ C:\Windows\Minidump\062018-24445-01.dmp
2018-06-20 16:01 - 2018-06-21 15:41 - 361679078 _____ C:\Windows\MEMORY.DMP
2018-06-20 01:45 - 2018-06-21 15:58 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 15:46 - 2009-07-14 13:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-21 15:46 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-06-21 15:43 - 2016-02-04 07:02 - 001115928 _____ C:\Windows\ntbtlog.txt
2018-06-21 15:41 - 2018-05-08 19:47 - 000000000 ____D C:\Windows\Minidump
2018-06-21 03:28 - 2016-02-02 22:33 - 000000000 ____D C:\Users\TEMP
2018-06-21 03:28 - 2014-12-11 19:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-21 03:28 - 2014-04-30 22:44 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-06-21 03:28 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
2018-06-21 03:27 - 2018-04-11 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-21 03:27 - 2018-04-06 11:45 - 000000000 ____D C:\Program Files\iPod
2018-06-21 03:27 - 2018-04-06 11:42 - 000000000 ____D C:\Program Files\iTunes
2018-06-21 03:27 - 2018-03-05 23:26 - 000000000 ____D C:\ProgramData\Apple Computer
2018-06-21 03:27 - 2018-01-28 22:15 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-06-21 03:27 - 2018-01-28 22:15 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-06-21 03:27 - 2015-08-23 21:15 - 000000000 ____D C:\ProgramData\JJPlayer
2018-06-21 03:27 - 2015-05-06 22:04 - 000000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2018-06-21 03:27 - 2014-07-01 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-06-21 03:27 - 2014-07-01 09:59 - 000000000 ____D C:\Users\Account\AppData\Roaming\TaobaoProtect
2018-06-21 03:27 - 2013-03-16 22:32 - 000000000 ____D C:\Users\Public\Documents\ppstream
2018-06-21 03:27 - 2012-12-30 15:48 - 000000000 ____D C:\Users\Account\AppData\Roaming\PPStream
2018-06-21 03:27 - 2012-12-20 12:52 - 000000000 ____D C:\Program Files (x86)\AliWangWang
2018-06-21 03:27 - 2012-12-19 09:36 - 000000000 ____D C:\ProgramData\QvodPlayer
2018-06-21 03:27 - 2012-12-19 07:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-21 03:27 - 2012-12-19 07:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-21 03:27 - 2012-12-17 14:30 - 000000000 ____D C:\Users\Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-06-21 03:27 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2018-06-21 03:27 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-21 03:23 - 2014-03-12 22:49 - 000000000 ____D C:\ProgramData\Real
2018-06-21 03:22 - 2016-06-05 22:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-21 03:21 - 2012-12-19 07:04 - 000000000 __RHD C:\MSOCache
2018-06-20 16:02 - 2012-12-17 10:38 - 000000000 ____D C:\Users\Account
2018-06-18 09:59 - 2018-05-07 17:56 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking

==================== Files in the root of some directories =======

2014-04-08 15:49 - 2014-06-25 10:55 - 000001078 _____ () C:\Users\Account\AppData\Roaming\base64.cer
2013-11-02 17:15 - 2016-05-26 16:06 - 000000954 _____ () C:\Users\Account\AppData\Roaming\coreavc.ini
2014-08-25 08:57 - 2014-09-13 07:57 - 000000087 _____ () C:\Users\Account\AppData\Roaming\WB.CFG
2012-12-19 08:54 - 2012-12-19 08:54 - 000008049 _____ () C:\Users\Account\AppData\Roaming\XeroxFaxOptions.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-07 19:23

==================== End of FRST.txt ============================



#24 zeotrex

Posted 21 June 2018 - 03:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Account (21-06-2018 15:59:32)
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-17 02:38:30)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Account (S-1-5-21-2261380125-1226403923-318164010-1000 - Administrator - Enabled) => C:\Users\Account
Administrator (S-1-5-21-2261380125-1226403923-318164010-500 - Administrator - Disabled)
Guest (S-1-5-21-2261380125-1226403923-318164010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261380125-1226403923-318164010-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Alipay Cert Component 2.5.0.0 (HKU\.DEFAULT\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
Alipay Cert Component 2.6.0.0 (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\AlipayCert) (Version: 2.6.0.0 - Alipay.com Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{42B0E318-B34E-D828-31E3-1DDEB759BA57}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.2.18 - AVG Technologies)
BOCNET Security Applet 2.1 (HKLM\...\BOCNET Security Applet_is1) (Version:  - Bank of China, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CBox央视影音 (HKLM-x32\...\{07F79EE3-1012-40BF-BEE7-A07EE6C284DC}_is1) (Version: 3.0.3.0 - 中国网络电视台)
ccc-core-static (HKLM-x32\...\{EAEF2F83-E62A-5635-560D-D8DA1E661C89}) (Version: 2011.0124.2249.40874 - ATI) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
CoffeeCup Free HTML Editor (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\CoffeeCup Free HTML Editor) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
ÍøÂçýÌå²¥·ÅÆ÷V3.93°æ (HKLM-x32\...\ÍøÂçýÌå²¥·ÅÆ÷_is1) (Version:  - ±¦ÀöÐÇͨÈí¼þ£¨±±¾©£©ÓÐÏÞ¹«Ë¾)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JJVOD (HKLM-x32\...\JJVOD) (Version: 2.8.0.1 - ©jjvod.com Inc.All Rights Reserved.)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB ODBC Direct v8 SG (HKLM-x32\...\{D612148C-C453-43E3-A3B2-F07064DA6D2C}) (Version: 8.0.7 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v8 SG (HKLM-x32\...\InstallShield_{D612148C-C453-43E3-A3B2-F07064DA6D2C}) (Version: 8.0.7 - MYOB Technology Pty Ltd)
MYOB Premier v12 (HKLM-x32\...\{62BD3DF1-2E84-46CF-B20B-4B8520101AAF}) (Version: 12.4 - MYOB Asia Sdn Bhd) Hidden
MYOB Premier v12 (HKLM-x32\...\InstallShield_{62BD3DF1-2E84-46CF-B20B-4B8520101AAF}) (Version: 12.4 - MYOB Asia Sdn Bhd)
Network Scan (HKLM-x32\...\{9C5725B7-2219-410C-A364-90767F71F00C}) (Version:  - )
Online Plug-in (HKLM-x32\...\{247D1CC0-7A71-4ADB-948F-E8703F0B44FB}) (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version:  - )
ppsAddr (HKLM-x32\...\ppsAddr) (Version: 1.0.0.4 - )
PPSGame V1.0.1.466 (HKLM-x32\...\PPSGame) (Version: 1.0.1.466 - PPStream, Inc.)
PPS影音 V2.7.0.1515 正式版 (HKLM-x32\...\PPStream) (Version: 2.7.0.1515 - PPStream, Inc.)
PPTV V3.3.2.0077 (HKLM-x32\...\PPLive) (Version: 3.3.2 - PPLive Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QPostPro 2.9.11.189 (HKLM-x32\...\QPostPro) (Version: 2.9.11.189 - Giosis)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC) (Version: 1.0.1.7 - CFCA)
Self-service Plug-in (HKLM-x32\...\{C787BD95-A1B0-40DF-864F-E75182E828AC}) (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1) (HKLM\...\03A1C6133CBCFD1D944CAC45762E2EC5CD524136) (Version: 08/04/2011 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Xerox WorkCentre 3210 (HKLM-x32\...\Xerox WorkCentre 3210) (Version:  - )
影视搜索 (HKLM-x32\...\影视搜索) (Version: 1.0.0 - Shenzhen Qvod Technology Co.,Ltd)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)
快播 5.20.238 (HKLM-x32\...\QvodPlayer) (Version: 5.20.238 - Shenzhen Qvod Technology Co.,Ltd)
支付宝安全控件 5.3.0.3807 (HKLM-x32\...\alieditplus) (Version: 5.3.0.3807 - Alipay.com Co., Ltd.)
网络媒体播放器V3.93版 (HKLM-x32\...\网络媒体播放器_is1) (Version:  - 宝丽星通软件(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 5.5.11447.0 - 腾讯科技(深圳)有限公司)
阿里旺旺 (HKLM-x32\...\阿里旺旺) (Version: 9.12.03C - 阿里巴巴(中国)有限公司)
阿里旺旺2012正式版SP2 (HKLM-x32\...\AliTalk) (Version:  - 阿里巴巴(中国)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2261380125-1226403923-318164010-1000_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\Account\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
CustomCLSID: HKU\S-1-5-21-2261380125-1226403923-318164010-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\9.12.03C\AliIMX_64.dll (Alibaba software (Shanghai) Corporation.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll [2014-02-18] (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1-x32: [OpenFolder] -> {0DE1378D-F811-40E6-B60A-1CC56F57D3E9} => C:\Program Files (x86)\AliWangWang\AliIMExt.dll [2012-08-30] (Alibaba software (Shanghai) Corporation.)
ContextMenuHandlers1-x32: [QvodMenu] -> {9F44453E-1E46-4D5C-B57C-112FF2EDAE82} => C:\Program Files (x86)\QvodPlayer\QvodBand_x64.dll [2014-05-19] (Shenzhen QVOD Technology Co.,Ltd)
ContextMenuHandlers1-x32: [{4C5A0DA6-C2DA-422D-89E1-457978AB87B5}] -> {4C5A0DA6-C2DA-422D-89E1-457978AB87B5} => C:\Windows\system32\kindling.dll [2013-02-22] ()
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files (x86)\Tencent\QQ\ShellExt\QQShellExt64.dll [2015-08-16] (Tencent)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-12-07] (RealNetworks, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-01-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files (x86)\Tencent\QQ\ShellExt\QQShellExt64.dll [2015-08-16] (Tencent)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DB9AA91-7A9A-45CF-B013-C55B5E96D606} - System32\Tasks\{057D96D2-8168-4058-BDC9-4B962353B2B4} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Novasoft\vodplayer\VODPlayer.exe"
Task: {226F53A5-4780-46E5-A3F7-A6B927CC793B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {24F81D6F-C71F-43D4-8CC1-09F46B03D9BB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2ACFD265-38E7-4E24-B511-A57BCD4B69B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {376F0E01-72DA-4823-9495-DFB27E386B89} - System32\Tasks\AliUpdater{05604BC3-3FE6-4893-92F9-6C5B1D7AEDC3} => C:\Program Files (x86)\AliWangWang\AliTask.exe [2018-04-07] (Alibaba software (Shanghai) Corporation.)
Task: {3CEF5C8C-28D2-4412-B168-44361E1F47D8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-11] (AVG Technologies CZ, s.r.o.)
Task: {4B64FA0E-F10D-4722-8D85-B247CB41839A} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {4BFE5130-9082-4CBC-AC93-A7E33068BECA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {5DADECEB-6443-46D1-9BC2-612F0D9402F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6551AC81-E981-4ECA-BCC1-925C98BB3177} - System32\Tasks\Boot Trigger ICBC Task => C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe
Task: {678ADBBE-B43E-4CCE-BC68-ED54A2756E42} - System32\Tasks\AVG-SSU_0616tb => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe [2016-06-21] ()
Task: {6B181AB8-F540-4321-AB63-0892DC08BBB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {73E3241E-737C-4B8B-817E-E8978D94BD3F} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {820E7862-A3C9-430D-AF32-67C99B3EC3AA} - System32\Tasks\{A7284660-08DD-4A91-B333-0E3DC75CFF22} => C:\Windows\system32\pcalua.exe -a "C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HAGM96K\vodplayer.exe" -d C:\Users\Account\Desktop
Task: {8C75C3E7-CFAE-4F3E-A1CA-1AD955F6B0D8} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {8E5B50B7-CE08-4B6A-B967-6AF231E5562B} - System32\Tasks\{3CAE6C31-7C03-4741-9068-D308EB1C2BCD} => C:\Windows\system32\pcalua.exe -a D:\G470\Chipset-IN1CHP36WW5.exe -d D:\G470
Task: {92440F9F-17FA-47D3-B5A8-5D3B8C20F660} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {924AE952-0077-4D32-8774-E614493EF962} - System32\Tasks\AVG-SSU_0616tb_DELETE => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe [2016-06-21] ()
Task: {996BEB92-BE4C-440B-B334-E0D5A445F875} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {A1105825-06CE-4196-B8F8-43C9C8B66F28} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2261380125-1226403923-318164010-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {AC8222F7-E3C7-42C9-963B-4DA90A9A8200} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {B470399E-6998-4069-B160-BAA03421AC68} - System32\Tasks\{D04A93A9-EE8B-4D28-924E-C77022B119A8} => C:\Windows\system32\pcalua.exe -a D:\G470\VideoIN2VDO68WW6.exe -d D:\G470
Task: {B723E6F6-72DF-42F6-8FD3-8BDF59D8CB3F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {BEDBA3FA-9198-4E28-A27B-38A42256256C} - System32\Tasks\{8E5AB7CD-5264-4414-A23A-7A5094AEA9C3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Account\Downloads\winxp q323172.exe" -d C:\Users\Account\Downloads
Task: {C74B4655-E010-479F-8D09-30833481CF23} - System32\Tasks\0116tbUpdateInfo => C:\ProgramData\Avg_Update_0116tb\0116tb_{ABFCC42C-FA80-4897-B891-15A58964CA32}.exe [2016-02-04] ()
Task: {CB763F1A-E1CD-47FC-AC9F-16EA5CBE8E4F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-05] (Dropbox, Inc.)
Task: {CFCB9DBC-E716-424D-977A-ECAA4DB82E90} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-05] (Dropbox, Inc.)
Task: {DFBF8D04-6A45-4A9D-8127-088D9D15A349} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
Task: {EC6667BC-BC29-41C0-80D3-4037ACEE262F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F05D1D42-D608-4D91-8E21-20C1909F5EFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {F89C1FB9-0F65-4900-A0AC-5E557320E354} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0116tbUpdateInfo.job => C:\ProgramData\Avg_Update_0116tb\0116tb_{ABFCC42C-FA80-4897-B891-15A58964CA32}.exe
Task: C:\Windows\Tasks\AliUpdater{05604BC3-3FE6-4893-92F9-6C5B1D7AEDC3}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\Windows\Tasks\AVG-SSU_0616tb.job => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe
Task: C:\Windows\Tasks\AVG-SSU_0616tb_DELETE.job => C:\ProgramData\Avg_Update_0616tb\AVG-Secure-Search-Update_0616tb.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHSYSTEMH此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\Windows\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeSYSTEMZ此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\Windows\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeSYSTEMC此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Account\Downloads\2014噶舉祈願法會 點燈祈願文 17世大寶法王 王菲獻唱 HQ版.mp4:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\bankofchina.com -> hxxp://www.bankofchina.com
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\boc.cn -> hxxps://ebs.boc.cn
IE trusted site: HKU\S-1-5-21-2261380125-1226403923-318164010-1000\...\icbc.com.cn -> hxxps://icbc.com.cn

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2018-04-06 11:45 - 000000901 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2261380125-1226403923-318164010-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: CBoxService => C:\Program Files (x86)\CNTV\CBox\CBoxService.exe
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\PPSKernel.exe
MSCONFIG\startupreg: QvodTerminal => "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB6E3A10-7202-45FF-A47B-6B3B91EDC110}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{02DBF7AE-E4DE-4367-9B37-A89799096526}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8EF9088C-4889-4619-8B6E-6202BC11242D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C4E04991-D621-4173-846B-82EEC926033A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{1673A0F9-EC7A-4622-B15F-9B38C7F241D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{256E018E-CCE1-460F-A882-DF1595A26014}] => (Allow) C:\Windows\twain_32\Xerox\WC3210\Sscan2io.exe
FirewallRules: [{19FA3DAD-BD9C-4CF8-AA92-FE74F166E8AC}] => (Allow) C:\Windows\twain_32\Xerox\WC3210\Sscan2io.exe
FirewallRules: [TCP Query User{E39E24EF-9C62-44D5-A8DC-4E072D9380D7}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [UDP Query User{9DAA3940-1894-4C0D-B0E0-6E738F47C3AF}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [{A73CFFFE-AE44-4E42-86C0-3958D117AEAA}] => (Allow) C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH0Q6J4G\QvodSetup5.exe
FirewallRules: [{DA3ABF99-5921-4E3E-A843-CB7CA8341CBA}] => (Allow) C:\Users\Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH0Q6J4G\QvodSetup5.exe
FirewallRules: [TCP Query User{7ABBE3B6-B309-4BCC-AA6A-14BC9DD45DCE}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [UDP Query User{AB10C093-6DCF-4665-BD0E-127E47880DAD}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [TCP Query User{5B4BAA0D-BC3D-4C94-8358-57E8669C1C06}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{1020185B-21C1-4A96-B360-1C0EDE11D9E7}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [TCP Query User{5BB23285-DFDB-4DB5-A76E-625038226E21}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{02FC0129-27F9-49EC-A3B6-B53EDB48F5BA}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Block) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{4FB09545-BBC2-4D65-86AD-8E7C0C63DDD1}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [UDP Query User{5DE233A4-B721-48A3-8B6C-FC19F0221BB9}C:\program files (x86)\kuaiwan\kuaiwan.exe] => (Block) C:\program files (x86)\kuaiwan\kuaiwan.exe
FirewallRules: [TCP Query User{8AE05611-33E4-4CF4-83FA-9F0AEF7A4397}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{5BFCB62B-181B-47E9-BFBA-D4943F409FC0}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{A348EF1B-6BBB-4142-A94D-9471C5F98242}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{D05EF55D-2FC4-43AB-9637-6AF8E7975976}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{85D627C4-EC67-48FC-B655-0C161DAD9895}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [UDP Query User{DEC26553-8B98-4964-8369-37ACCDC3C1A8}C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe] => (Allow) C:\program files (x86)\xerox\networkscan\nscsysui_xerox.exe
FirewallRules: [{9F25270E-F31D-4792-B213-834232BBFE7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9B516A25-8370-41E9-AAE6-1C743C5093F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{EB027DDF-C7B0-415A-BCAB-425C0F92BD8E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0FF1C045-81B9-46DB-83BF-FBBBE4828A16}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{E4F9FEA7-74F8-4239-99BF-16741B1C9821}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{72E55604-6886-46C4-8A2D-185326FA81D7}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{20723F6D-E420-4DBE-882A-598B8DE4EF2F}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{F026F987-0D33-41D5-A36B-E867333FB60C}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{857291D8-E34E-4420-ABC1-4FE7B91ED828}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{68BA5341-D9C0-4532-AE58-A59F90D56F15}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{D503E695-A9A2-4A79-95F0-F9D6F02C7D73}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{534E7A97-505E-46CA-AB7C-F2121E09EA65}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{59BC75B9-52C2-4EE6-BA00-7A5908787552}] => (Allow) D:\PPS.tv\PPSGame\updater.exe
FirewallRules: [{02E70945-2994-4F11-97E3-22F07AF2F1DD}] => (Allow) D:\PPS.tv\PPSGame\updater.exe
FirewallRules: [TCP Query User{78B9BFCC-36AA-498D-94BB-3518D8F595EA}D:\pps.tv\ppstream\ppskernel.exe] => (Block) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [TCP Query User{339CE309-D0F3-48F4-B446-494D58F4270D}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{2F743225-0E89-4831-93F4-66BD71DDBD90}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [{E2D9AFCE-9DB9-4517-AF7E-A46170385632}] => (Allow) C:\Users\Account\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{78BDA1D4-407D-40E0-872E-FF5D7461F5D0}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{9AEE5A45-CC0F-4339-ACCC-67BC4DE8F94B}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{E57BC01E-3CDE-4C56-8376-998EFA4B4525}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{5A157E3A-8F86-4A92-9605-033E254CBA18}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{E6F54B57-8C55-445C-A927-C0FA83341525}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\PPLiveU.exe
FirewallRules: [{4F97B66C-244E-486C-AB74-D8FDDA57440C}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\PPLiveU.exe
FirewallRules: [{E8A66B64-65DF-4D9B-A8DC-C0910E246A38}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\RepairSetup.exe
FirewallRules: [{30ADD2BF-73AD-47F7-ACD3-66C771BE0BE6}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\RepairSetup.exe
FirewallRules: [{72B489D0-9CC9-4FF3-B1B9-7B3B1939FA32}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\crashreporter.exe
FirewallRules: [{D7757E44-5289-4337-883E-B85A69C738CF}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.3.2.0077\crashreporter.exe
FirewallRules: [{1A0A6505-3686-484C-B420-A811901DBA6F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{F13A1D57-57C9-4B81-9A0B-7177770E0C2F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{07E79EFD-152C-4FE3-8FA1-B6F3741080B0}] => (Allow) C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe

==================== Restore Points =========================

12-04-2018 10:05:03 Windows Update
07-05-2018 19:30:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Redmi
Description: Redmi
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avgRvrt
Description: avgRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avgVmm
Description: avgVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2018 03:43:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/21/2018 03:27:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"; Description = Revo Uninstaller's restore point - Spybot - Search & Destroy; Error = 0x8007043c).

Error: (06/21/2018 03:17:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/21/2018 02:39:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/21/2018 01:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/21/2018 11:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: msi.dll, version: 5.0.7601.24052, time stamp: 0x5a74ab67
Exception code: 0xc0000005
Fault offset: 0x00000000001c2c56
Faulting process id: 0x588
Faulting application start time: 0x01d4090d399f5bbf
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\msi.dll
Report Id: d7866793-7500-11e8-b716-f67f8a99e16b

Error: (06/21/2018 11:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/20/2018 04:04:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (06/21/2018 03:57:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/21/2018 03:57:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/21/2018 03:43:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/21/2018 03:43:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/21/2018 03:42:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/21/2018 03:42:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/21/2018 03:42:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/21/2018 03:42:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 11%
Total physical RAM: 8173.86 MB
Available physical RAM: 7250.61 MB
Total Virtual: 16345.89 MB
Available Virtual: 15484.32 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:307.91 GB) (Free:133.57 GB) NTFS
Drive d: (Storage) (Fixed) (Total:390.62 GB) (Free:382.78 GB) NTFS
Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32

\\?\Volume{60178b45-4877-11e2-b169-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 07D4C1E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#25 polskamachina

Posted 21 June 2018 - 05:01 PM

Hi zeotrex :)
 
I've noticed some of your FRST entries and program listings are named with Asian characters. Can you please go through your installed program list and let me know if they were intentionally installed by you or your friend? Are there programs or files there that don't look familiar to you?

 

Regarding your monitor that doesn't work: if after powering on your system you do not see any signs of life from the monitor, you most likely have a hardware issue. One thing you may try is to boot to the computer's BIOS screen and check the video settings. Set them to default, save the changes, reboot and see if that makes any difference.

Note: The following directions are for an older version of the Malwarebytes Anti-Malware product, but the basic procedure is still the same.
Please download the free version of Malwarebytes Anti-Malware and save it to your desktop. If during the installation you are presented with options to upgrade to the premium paid version, it is your decision as to whether or not you want to do that. The free program will work fine for our present issues.

  • Locate the downloaded file, mb3-setup-consumer-x.x.x.xxxx.exe. The “x.x.x.xxxx” represents the version of Malwarebytes for Windows. (In most cases, downloaded files appear in the Downloads folder.)
  • Double-click mb3-setup-consumer-x.x.x.xxxx.exe to start the Malwarebytes for Windows setup
  • Detailed installation instructions are here
  • After installation, run the program
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

    To retrieve the Malwarebytes Anti-Malware scan log information
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Next:
 
Please download AdwCleaner and save it to your Desktop

  • Double click on AdwCleaner.exe to run the tool.
  • Right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • The contents of the AdwCleaner log file may be confusing. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • Copy and paste the contents of that logfile in your next reply.

In summary I will need from you:

  • Malwarebytes Antimalware log
  • AdwCleaner log
  • Results of your review of your program listing for programs that you didn't install intentionally
  • Did you notice any improvements in the computer's performance?

Let me know if you have any questions.

 

polskamachina



#26 zeotrex

Posted 22 June 2018 - 05:16 AM

Hi Polskamachina,

Here is the progress.

1. I have checked all the Chinese programs; all are safe.

2. Noted on the laptop's LCD. For now I assume the LCD is a software problem because it went black at the same time Windows crashed. After Windows is fixed, I will get a new laptop LCD. :)

3. Yes, I checked the BIOS earlier. The LCD is at default.

4. No improvement in performance so far. After the first fix, which allowed the laptop to start up in safe mode, no progress.

By the way, the screen resolution in safe mode is terrible. It can only run at 16-bit and 640x320. I can hardly see the writing or the full screen of most programs. I can't change the resolution to anything better.

Today's repairs: after 2 malware scans, no changes... still the same.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/22/18
Scan Time: 4:14 PM
Log File: 40ab5b51-75f4-11e8-99d1-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5580
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Account-PC\Account

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315747
Threats Detected: 80
Threats Quarantined: 80
Time Elapsed: 14 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 52
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [981], [163202],1.0.5580
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [981], [163204],1.0.5580
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [981], [163204],1.0.5580
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [981], [163204],1.0.5580

Registry Value: 9

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\Astromenda\icons_2.21.18.4, Quarantined, [253], [175529],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\ROAMING\ASTROMENDA, Quarantined, [253], [175529],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc, Quarantined, [253], [175530],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\ROAMING\WSE_ASTROMENDA, Quarantined, [253], [175530],1.0.5580

File: 15
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\Astromenda\icons_2.21.18.4\ctr.ico, Quarantined, [253], [175529],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, Quarantined, [253], [175530],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, Quarantined, [253], [175530],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [253], [175530],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, [253], [175530],1.0.5580
PUP.Optional.Astromenda, C:\Users\Account\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, [253], [175530],1.0.5580
Trojan.Agent.Gen, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WIN10CHECK0106.EXE, Quarantined, [1498], [220435],1.0.5580
Trojan.Agent.Gen, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WIN10CHECK0512.EXE, Quarantined, [1498], [220435],1.0.5580
PUP.Optional.Funshion, C:\PROGRAM FILES (X86)\PPSADDR\{0C3B3F11-52BB-6A59-51FC-A435C788255C}\ADDRESSBAR.DLL, Quarantined, [981], [163203],1.0.5580
PUP.Optional.Funshion, C:\PROGRAM FILES (X86)\PPSADDR\{0C3B3F11-52BB-6A59-51FC-A435C788255C}\ASBARBROKER.EXE, Quarantined, [981], [163202],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [253], [455058],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [253], [455058],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [253], [455058],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [253], [455058],1.0.5580
PUP.Optional.Astromenda, C:\USERS\ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [253], [455058],1.0.5580

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#27 zeotrex

Posted 22 June 2018 - 05:17 AM

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-19.4
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-22-2018
# Duration: 00:00:35
# OS:       Windows 7 Home Premium
# Cleaned:  145
# Failed:   0


***** [ Services ] *****

Deleted       vToolbarUpdater40.3.2
Deleted       tbsecsvc
Deleted       secbizsrv
Deleted       pcas
Deleted       QPCore
Deleted       WtuSystemSupport

***** [ Folders ] *****

Deleted       C:\Users\Public\Device
Deleted       C:\ProgramData\AVG_UPDATE_0915TB
Deleted       C:\ProgramData\AVG_UPDATE_0616TB
Deleted       C:\ProgramData\AVG_UPDATE_0116TB
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
Deleted       C:\ProgramData\Tencent
Deleted       C:\Program Files (x86)\Tencent
Deleted       C:\Program Files (x86)\Common Files\Tencent
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted       C:\Windows\Temp\Tencent
Deleted       C:\Users\Account\AppData\Local\Tencent
Deleted       C:\Users\Account\AppData\LocalLow\Tencent
Deleted       C:\Users\Account\AppData\Roaming\Tencent
Deleted       C:\Users\Public\Documents\Tencent
Deleted       C:\ProgramData\KuaiWan
Deleted       C:\Program Files (x86)\KuaiWan
Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Program Files (x86)\avg web tuneup
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
Deleted       C:\Users\Account\AppData\Local\avg web tuneup
Deleted       C:\Users\Account\AppData\LocalLow\avg web tuneup
Deleted       C:\QvodPlayer
Deleted       C:\ProgramData\QvodPlayer
Deleted       C:\Program Files (x86)\QvodPlayer
Deleted       C:\ProgramData\AVG Security Toolbar
Deleted       C:\ProgramData\AVG Secure Search
Deleted       C:\Program Files\Common Files\AVG Secure Search
Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search

***** [ Files ] *****

Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\QMNetworkMgr.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\AVG-SSU_0616TB_DELETE.JOB
Deleted       C:\Windows\Tasks\AVG-SSU_0616TB.JOB
Deleted       C:\Windows\System32\Tasks\AVG-SSU_0616TB_DELETE
Deleted       C:\Windows\System32\Tasks\AVG-SSU_0616TB
Deleted       C:\Windows\Tasks\0116TBUPDATEINFO.JOB
Deleted       C:\Windows\System32\Tasks\0116TBUPDATEINFO

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678ADBBE-B43E-4CCE-BC68-ED54A2756E42}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0616tb
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C74B4655-E010-479F-8D09-30833481CF23}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74B4655-E010-479F-8D09-30833481CF23}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116tbUpdateInfo
Deleted       HKCU\Software\Classes\Tencent
Deleted       HKLM\Software\Classes\Tencent
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QvodPlayer
Deleted       HKCU\Software\QvodPlayer
Deleted       HKLM\Software\Wow6432Node\QvodPlayer
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PPStream
Deleted       HKCU\Software\PPStream
Deleted       HKLM\Software\Wow6432Node\AVG Security Toolbar
Deleted       HKLM\Software\Wow6432Node\AVG Secure Search
Deleted       HKCU\Software\AVG Nation toolbar
Deleted       HKLM\Software\Wow6432Node\AVG Nation toolbar
Deleted       HKCU\Software\APN PIP
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
Deleted       HKCU\Software\MozillaPlugins\KuaiWanInsert
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Kuaiwan.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Kuaiwan.exe
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\DownloadProxy.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted       HKLM\Software\Classes\ppsmb
Deleted       HKLM\Software\Classes\METNSD

***** [ Chromium (and derivatives) ] *****

Deleted       McAfee Security Scan+

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [17508 octets] - [22/06/2018 17:16:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 



#28 polskamachina

  • Malware Response Team

Posted 22 June 2018 - 12:27 PM

Hi zeotrex :)
 
Earlier you said:

> anyway, basically the blue screen says..
>
> A problem has been detected and windows has been shut down to prevent damage to your computer...
>
> bla bla bla.... the common blue screen message...

If you're still getting that blue screen, that "bla bla bla" part may contain some clues. Are there any hex numbers starting with 0x in that message?

> Noted on the laptop's lcd. For now I assume the lcd is a software problem because it went black at the same time the windows crashed. After windows is fixed, I will get a new laptop lcd.

It's quite unlikely it's a software problem if you don't even see the BIOS screen appear. Also, it is very likely that there may be a video processor failure in your laptop that is causing the issue. In other words, I wouldn't immediately go and buy a new lcd screen for your computer once it's running again.

> By the way, the screen resolution in safe mode is terrible. It can only run at 16bit and 640x320. I can hardly see the writing and the full screen of most programs. I can't change the resolution to anything better.

Yes, that's what happens in safe mode. None of the advanced video drivers are loaded so you cannot adjust the screen resolution. The reason for that is that safe mode is a diagnostic mode and wasn't meant to be used for everyday kinds of things.

 

Just to make sure your safe mode boot isn't something that is happening by design, please do the following:

  • Hold down the Windows flag key and tap the letter R
  • The Run box will open
  • Type msconfig into the box and press Enter
  • The System Configuration window will open
  • Click on the Boot tab at the top of the window
  • Make sure the selection for Safe boot is not checked. If it is checked, uncheck the box and restart your system

Assuming your System Configuration inspection showed that your Safe boot option was already unchecked, proceed with the following:

 
We need to run the SFC /SCANNOW Command to check the integrity of your system files

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces incorrect, corrupted, changed/modified, or damaged versions with the correct versions if possible.

Note: Be aware that if you have modified your system files as in theming explorer/system files, running sfc /scannow will revert the system files such as explorer.exe back to its default state.

Note: Make the appropriate backups of your system files that you have modified for theming if you wish to save them before running sfc /scannow.

  • Click the Windows Orb button
  • Type cmd
  • Right click on the search result cmd.exe and click Run as Administrator
  • Copy the following line of text and paste it into the black box
    (right-click in the black box and choose paste)
    sfc /scannow
  • Press Enter to run the command.
    Note: This may take a long while to finish
  • If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to

Retrieving SFC /scannow log

  • Click the Windows Orb button
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator
  • Copy the following line of text and paste it into the black box
    (right-click in the black box and choose paste)
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • Press Enter to run the command.
  • A text file sfcdetails.txt should appear on your desktop. Post the content of the file in your next reply
  • Note the SFC scan may not repair everything but the log will show me what things did not get repaired and then we can repair them manually.

In summary I will need from you:

  • Details about your blue screen message if it is still appearing
  • Results of your System Configuration inspection. Was the Safe boot option box checked?
  • sfcdetails.txt
  • Any changes in your computer's performance?

Let me know if you have any questions

 

polskamachina
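
Added example, not part of polskamachina's post or of any tool named in this thread: a Python sketch that triages the sfcdetails.txt produced by the findstr command above, keeping the last recorded outcome per file because repeated sfc /scannow runs append to the same log. The sample lines are constructed in the usual CBS.log [SR] layout, and the function name, file names and component names are hypothetical.

```python
import re

# Constructed sample: two appended sfc /scannow runs in the CBS.log "[SR]" layout.
# File and component names are made up for illustration.
SAMPLE = r'''
2018-06-22 18:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2018-06-22 18:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-06-22 18:02:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:20{10}]"sample.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2018-06-22 18:02:14, Info                  CSI    0000000d [SR] This component was referenced by [l:30{15}]"Example-Package"
2018-06-22 18:02:15, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example2.exe" of Example-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2018-06-22 18:02:15, Info                  CSI    0000000f [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe"; source file in store is also corrupted
2018-06-22 18:02:20, Info                  CSI    00000011 [SR] Verify complete
2018-06-22 18:40:03, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2018-06-22 18:40:05, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2018-06-22 18:40:06, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"Example2.exe" of Example-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2018-06-22 18:40:09, Info                  CSI    0000000e [SR] Verify complete
'''

# Everything after the [SR] tag is the message we classify.
SR_MSG = re.compile(r'\[SR\]\s+(.*)$')
# Member file names are written as [l:<bytes>{<chars>}]"name"; the directory
# prefix uses "[ml:...,l:...]" and is deliberately not matched here.
MEMBER = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')

FAILED = ('Cannot repair member file', 'Could not reproject corrupted file')
FIXED = ('Repairing corrupted file',)


def triage_sfc(text):
    """Summarise [SR] lines: components verified and the final state per file.

    Assumption: the last outcome logged for a file reflects its current state,
    since later runs are appended below earlier ones.
    """
    verified = 0
    last_state = {}  # lower-cased file name -> 'repaired' or 'unrepaired'
    for line in text.splitlines():
        match = SR_MSG.search(line)
        if not match:
            continue
        msg = match.group(1)
        if msg.startswith('Verifying '):
            count = msg.split()[1]
            if count.isdigit():
                verified += int(count)
            continue
        if msg.startswith(FAILED):
            state = 'unrepaired'
        elif msg.startswith(FIXED):
            state = 'repaired'
        else:
            continue  # bookkeeping lines such as "Verify complete"
        names = MEMBER.findall(msg)
        if names:
            # Windows file names are case-insensitive, so normalise the key.
            last_state[names[-1].lower()] = state
    return {
        'components_verified': verified,
        'repaired': sorted(n for n, s in last_state.items() if s == 'repaired'),
        'unrepaired': sorted(n for n, s in last_state.items() if s == 'unrepaired'),
    }


if __name__ == '__main__':
    summary = triage_sfc(SAMPLE)
    print('Components verified:', summary['components_verified'])
    print('Repaired from store:', ', '.join(summary['repaired']) or 'none')
    print('Still unrepaired:   ', ', '.join(summary['unrepaired']) or 'none')
```

Files left in the unrepaired list are the ones the helper would need to restore manually, as the post describes.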



#29 zeotrex

Posted Today, 06:19 AM

Hi polskamachina,

 

Let me get back to you on these tomorrow. Sorry for the delay.

 

Thanks





