Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2019
Ran by anime (09-11-2019 18:58:49)
Running from C:\Users\anime\Downloads
Windows 10 Home Version 1903 18362.418 (X64) (2019-08-18 12:26:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-237224756-2638106951-3263937477-500 - Administrator - Disabled)
anime (S-1-5-21-237224756-2638106951-3263937477-1001 - Administrator - Enabled) => C:\Users\anime
DefaultAccount (S-1-5-21-237224756-2638106951-3263937477-503 - Limited - Disabled)
Guest (S-1-5-21-237224756-2638106951-3263937477-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-237224756-2638106951-3263937477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
Allavsoft 3.15.1.6470 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.1026.2023.34870 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Catalyst Control Center Next Localization BR (HKLM\...\{021C0B83-74D5-525C-7753-4246F4A58B09}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{52B22649-F1AD-C60A-7F7C-6E0ECA587A98}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{79C9E512-2E43-4CCD-F4FE-FB781E4D7B8B}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{0091325B-4511-569B-3C5D-6C0489A2A5DE}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{B1A1D7DC-D9E6-E431-EB9C-57E6A8788797}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{F99CBBE6-AE83-D251-30A0-94174CA0EE4E}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{DDE0B23D-374C-DABE-371B-E969D2EEB56E}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization ES (HKLM\...\{1214BF5B-A322-0BAF-866B-CC8BA8C4A854}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{860A0F8E-8D1A-6CB5-53CE-CF8E0D5E320F}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{30AC7D4E-C127-C77D-0172-6299E937785B}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{11F824FA-1B40-2712-4DBF-3398AD2C23BB}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{C425A2E3-7240-0F27-EE7E-85F1A1CBBA01}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{2AA8096F-D67C-402F-0C84-AAB3FEDC98A7}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{D0D1C792-B843-697A-D21E-29A687F1070C}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{471485B7-4E96-BF17-2BD2-DF4A019B828A}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{CF876DE7-CFD5-D7DC-C90A-D5DC5AB74529}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{D550F9D4-0583-04AE-F96A-99B65BED4CDA}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{CF1E4E82-8AA5-6ECD-43E0-328260053840}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{E644F3CF-DD3E-362A-FC78-5340A67D0E0D}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization TH (HKLM\...\{C51A1ED6-AA6F-80AD-66F4-511F63C1FEF6}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{1E3F91A3-ECBA-9D86-9F69-04C333638B11}) (Version: 2017.0505.1651.28515 - Advanced Micro Devices, Inc.) Hidden CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.) Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{4B38FF9D-7308-411D-93BF-CCF259B476ED}) (Version: 3.5.2013.0 - Dell Products, LP) Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{5832D99C-C9C6-437F-861C-43ED6333956F}) (Version: 4.1.0.6828 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{48253a97-70d4-4166-9a2b-80b3bb2fcc75}) (Version: 4.1.0.6828 - Dell Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated) Dell Update - SupportAssist Update Plugin (HKLM\...\{77C86F54-9452-4EB6-B4C3-8A57FBF72D2B}) (Version: 4.4.0.9836 - Dell Inc.) Hidden Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{d2a00335-3e50-405c-8c5d-32e2a636bbe1}) (Version: 4.4.0.9836 - Dell Inc.) Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.) Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.) 
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden Free Audio Editor (HKLM-x32\...\Free Audio Editor_is1) (Version: 1.1.35.831 - Digital Wave Ltd) Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.7.0.712 - Digital Wave Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden Instagiffer version 1.75 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.75 - Justin Todd) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001090-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.90.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{7f55d00c-cc02-4c82-b569-466f4d954c48}) (Version: 20.120.1 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 
1.0.0.532 - Intel Corporation) Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation) iTunes (HKLM\...\{00ECC1A0-72EC-4E21-A03E-A9242A92CE1F}) (Version: 12.9.6.3 - Apple Inc.) Joyoshare Media Cutter 3.2.0.43 (HKLM-x32\...\Joyoshare Media Cutter_is1) (Version: - Joyoshare, Inc.) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.102 - McAfee, LLC.) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20438 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.) Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.1.6981 - Mozilla) Mp3 Volumer v1.3 (HKLM-x32\...\Mp3 Volumer_is1) (Version: 1.3.0.0 - Mp3 Volumer) OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20438 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20438 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20438 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20438 - Microsoft Corporation) Hidden Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden PX Profile Update (HKLM-x32\...\{6551EEEC-4938-70FF-77EB-E83D1E3E88C8}) (Version: 1.00.1. 
- AMD) Hidden PX Profile Update (HKLM-x32\...\{B25A29B4-A7BA-F6EF-B546-04526CDF28D0}) (Version: 1.00.1. - AMD) Hidden PX Profile Update (HKLM-x32\...\{C51F4B50-9A88-F6B4-F3B2-9A32B8ED9A3F}) (Version: 1.00.1. - AMD) Hidden qBittorrent 4.1.7 (HKLM-x32\...\qBittorrent) (Version: 4.1.7 - The qBittorrent project) QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) UiPath Studio (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\UiPath) (Version: 19.10.0-beta0484 - UiPath) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) VEGAS Pro 14.0 (64-bit) (HKLM\...\{A91B8400-BE51-11E6-B89B-BE9B4130C4C9}) (Version: 14.0.211 - VEGAS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) VSDC Free Video Editor version 6.3.9.49 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.9.49 - Flash-Integro LLC) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) 
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ZPN Connect (HKLM-x32\...\ZPN Connect) (Version: - ZPN) 优酷 (HKLM-x32\...\YoukuClient) (Version: 7.7.1.1283 - youkutudou, Inc.) 爱剪辑 正式版 V3.0 (HKLM\...\爱剪辑_is1) (Version: - 爱剪辑) 百度网盘 (HKLM-x32\...\百度云管家) (Version: 5.5.2 - 百度在线网络技术(北京)有限公司) 腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 9.1.8.26211 - 腾讯科技(深圳)有限公司) Packages: ========= Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com) Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.) 
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-09-17] (Dell Inc) Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-10-05] (Fitbit) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-06] (Microsoft Corporation) Power BI Desktop -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPowerBIDesktop_2.74.5624.0_x64__8wekyb3d8bbwe [2019-10-24] (Microsoft Corporation) Twitter -> C:\Program 
Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.) Video Cutter Editor -> C:\Program Files\WindowsApps\22546Cidade.VideoCutterEditor_4.1.15.0_x64__cjt5542sbwgmj [2019-11-07] (Cidade) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\Shell\Open\Command -> C:\Users\anime\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe (Beijing Baidu Netcom Science and Technology Co.,Ltd -> ) CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64} -> [百度网盘] => C:\Users\anime\AppData\Roaming\baidu\BaiduNetdisk\ [0000-00-00 00:00] ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-18] (Free Time) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\anime\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2019-08-15] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> ) 
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-18] (Free Time) [File not signed] ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\anime\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2019-08-15] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> ) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-10-26] (Advanced Micro Devices, Inc.) [File not signed] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> ) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be 
restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed] HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed] HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed] HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed] HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed] HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) 
[File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2015-02-03 19:42 - 2015-02-03 19:42 - 000544817 _____ () [File not signed] C:\Program Files (x86)\ZPN Connect\libgcc_s_dw2-1.dll 2015-02-03 19:42 - 2015-02-03 19:42 - 000989805 _____ () [File not signed] C:\Program Files (x86)\ZPN Connect\libstdc++-6.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL 2017-06-05 05:33 - 2017-06-05 05:33 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2015-02-03 19:42 - 2015-02-03 19:42 - 002866688 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\ZPN Connect\QtCore4.dll 2015-02-03 19:42 - 2015-02-03 19:42 - 001254400 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\ZPN Connect\QtNetwork4.dll 2013-06-18 01:33 - 2013-06-18 01:33 - 000090112 _____ (Free Time) [File not signed] C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll 2016-03-13 23:34 - 2016-03-13 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll 2016-03-13 23:34 - 2016-03-13 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll 2015-02-03 19:42 - 2015-02-03 19:42 - 000073901 _____ (MingW-W64 Project. All rights reserved.) 
[File not signed] C:\Program Files (x86)\ZPN Connect\libwinpthread-1.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll 2017-06-05 05:32 - 2017-06-05 05:32 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll 2017-10-26 20:20 - 2017-10-26 20:20 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2017-06-05 05:32 - 2017-06-05 05:32 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2017-06-05 05:32 - 2017-06-05 05:32 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2017-06-05 05:32 - 2017-06-05 
05:32 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2017-06-05 05:33 - 2017-06-05 05:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2016-12-20 23:34 - 2016-12-08 
10:15 - 000038912 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
2016-12-20 23:34 - 2016-12-08 10:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2016-12-20 23:34 - 2016-12-08 10:15 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2016-12-20 23:34 - 2016-12-08 10:15 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2016-12-20 23:34 - 2016-12-08 10:15 - 000313344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2016-12-20 23:34 - 2016-12-08 10:15 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2016-12-20 23:34 - 2016-12-08 10:16 - 000324608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 15:24 - 2016-12-09 21:36 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\;c:\Program Files\Intel\IntelSGXPSW\bin\win32\Release\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\anime\Pictures\My stuff\Anime\Violet_Evergarden_anime_girls_Violet_Evergarden_anime_water_umbrella-1300949.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "YoukuMediaCenter"
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\StartupApproved\Run: => "YoukuMediaCenter"
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\StartupApproved\Run: => "BaiduYunDetect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7633093-967F-46D5-80AC-D87CB2E46BA5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{E8E6B6A7-5C78-4A28-9B12-35E6F2A01186}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{262F79BF-B00A-4F2D-A0A5-F6478CCAC7EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0852989A-585B-493C-B372-29D0ACCDA9B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED29C3D2-F9F7-46E0-BE0F-E9EA50D751C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB63FD93-D997-464F-847B-F0D45A8B308D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8755E594-D5C5-4585-BD49-9FDE88B7F525}] => (Allow) C:\Program Files (x86)\AlibabaProtect\1.0.20.850\AlibabaProtect.exe (Alibaba (China) Network Technology Co.,Ltd. -> 阿里巴巴(中国)软件有限公司)
FirewallRules: [{E405366C-DA51-4867-B465-22436E3737B8}] => (Allow) C:\Program Files (x86)\AlibabaProtect\1.0.20.850\AlibabaProtect.exe (Alibaba (China) Network Technology Co.,Ltd. -> 阿里巴巴(中国)软件有限公司)
FirewallRules: [{AB548649-3BA3-436D-855F-F1BD7E1C7285}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{A2B1BA52-D1E4-4FA3-A093-616809861DE5}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{1B9FDA86-C6A9-4D96-B75F-BC86EAD4C646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{77337F39-B7E8-4BE6-90B3-72F2E2902B78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54819977-BA7E-42A1-93A2-C1D32C5CB4C5}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{5BB2BAA9-69A4-42BC-97FE-9254C9B8B852}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{D1E1AD11-F6DB-4F9C-952E-6CB4A22A5A90}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{440F7831-9D50-4729-B4B0-45C1F67B26F2}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{02A41578-0534-48E8-8EEB-2E40C0EDAACB}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time Co., Ltd. -> Free Time)
FirewallRules: [{F19E8A84-0738-4CAA-9E15-AA210E718231}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1DD8C292-FFC5-4751-96E2-00F6012D7820}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C1B637B-534D-4F3B-B93E-E7AC756A8AB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9B2F7DD-79B0-4C5B-A4A4-776CE7B158E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1A3497-DF97-4B20-860D-D431E5920618}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69724467-D59D-44DE-BD78-1DEB3C22815C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88761229-3663-4CB4-B15A-3586B44993FD}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C8411646-283A-49AD-8A1C-ED541A536D1B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{449B58BA-45E5-4389-86DE-535E4AF0C3E7}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{5FB1A53F-3925-446A-821B-FE13C1B7B094}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{0969CED6-A190-4941-9D14-58323488CE80}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{B9CC9F01-EE88-4169-A5CA-110DCA38F302}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{43FBC616-2D6E-4ECB-AB08-3457615D4F01}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{1EB2BE7E-D4E1-4CD4-B693-C91E2291178B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{9C692B30-7DBA-4E90-AB35-FF323176CEB5}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{B7AACF99-7300-49AD-AFB0-234CCC30FF04}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{F53647C8-129D-4F32-9970-8F2B8B4C83A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

31-10-2019 23:42:45 Windows Update
05-11-2019 11:32:40 Windows Update
08-11-2019 21:49:48 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/09/2019 07:00:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5324,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/09/2019 06:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DeliveryService.exe, version: 3.5.2013.0, time stamp: 0x5d025c33
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xe0434352
Fault offset: 0x00113572
Faulting process id: 0x2fd8
Faulting application start time: 0x01d596eb37427ba8
Faulting application path: C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 78056d3f-7dcd-4b85-9bfd-6bc4b1d98e58
Faulting package full name:
Faulting package-relative application ID:

Error: (11/09/2019 06:48:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DeliveryService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Dell.ClientFulfillmentService.ClientFulfillmentService.RetrieveAppConfig()
   at Dell.ClientFulfillmentService.ClientFulfillmentService.ProcessAppConfig()
   at Dell.ClientFulfillmentService.ClientFulfillmentService.InitializeService(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)

Error: (11/09/2019 06:39:05 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/09/2019 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DeliveryService.exe, version: 3.5.2013.0, time stamp: 0x5d025c33
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xe0434352
Fault offset: 0x00113572
Faulting process id: 0xcc8
Faulting application start time: 0x01d596e87162d46b
Faulting application path: C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e339bb22-0ab0-4542-9cf7-55220a561f3d
Faulting package full name:
Faulting package-relative application ID:

Error: (11/09/2019 06:28:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DeliveryService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Dell.ClientFulfillmentService.ClientFulfillmentService.RetrieveAppConfig()
   at Dell.ClientFulfillmentService.ClientFulfillmentService.ProcessAppConfig()
   at Dell.ClientFulfillmentService.ClientFulfillmentService.InitializeService(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)

Error: (11/08/2019 11:44:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4596,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/08/2019 10:48:10 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.ArgumentOutOfRangeException: Time-out interval must be less than 2^32-2.
Parameter name: dueTm
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, TimeSpan dueTime, TimeSpan period)
   at OTBSurvey.Controller.SetSurveyRequestTimer()
   at OTBSurvey.OTBSurveyService.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

System errors:
=============
Error: (11/09/2019 06:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/09/2019 06:42:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/09/2019 06:42:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/09/2019 06:29:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2019 09:56:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (11/08/2019 09:52:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Synaptics - Mouse - 9/19/2018 12:00:00 AM - 19.2.17.70.

Error: (11/08/2019 02:16:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2019 02:09:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Windows Defender:
===================================
Date: 2019-11-08 22:48:11.361
Description: 在完成前停止了 Windows Defender 防病毒程序 扫描。
扫描 ID: {BF1F65BF-290A-454B-873C-C032A0894779}
扫描类型: 反恶意软件
扫描参数: 快速扫描
用户: NT AUTHORITY\SYSTEM

Date: 2019-11-07 22:15:38.207
Description: 在完成前停止了 Windows Defender 防病毒程序 扫描。
扫描 ID: {4BEE4B11-4995-4C7D-BD71-0C9F0F365097}
扫描类型: 反恶意软件
扫描参数: 快速扫描
用户: NT AUTHORITY\SYSTEM

Date: 2019-11-07 22:05:34.886
Description: 在完成前停止了 Windows Defender 防病毒程序 扫描。
扫描 ID: {AF8A11B1-CB46-449D-B57E-D6AE6A2ED4A8}
扫描类型: 反恶意软件
扫描参数: 快速扫描
用户: NT AUTHORITY\SYSTEM

Date: 2019-11-06 23:56:13.176
Description: Windows Defender 防病毒程序 检测到恶意软件或其他可能不需要的软件。
有关详细信息,请参阅以下内容: https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/STOP.BS!MTB&threatid=2147743901&enterprise=0
名称: Ransom:Win32/STOP.BS!MTB
ID: 2147743901
严重性: Severe
类别: Ransomware
路径: file:_C:\Users\anime\AppData\Local\1799b3a5-159f-4a93-af0d-7c140311156e\tbvgrfced.exe; file:_C:\WINDOWS\System32\Tasks\Time Trigger Task->(UTF-16LE); regkey:_HKCU@S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SysHelper; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F7A9B4-DEDF-4403-AE0B-2F7DE9BB191C}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Time Trigger Task; runkey:_HKCU@S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SysHelper; taskscheduler:_C:\WINDOWS\System32\Tasks\Time Trigger Task
检测起源: 本地计算机
检测类型: 快速路径
检测源: 实时保护
用户: DESKTOP-E1SJRSE\anime
进程名称: C:\Windows\System32\svchost.exe
安全智能版本: AV: 1.305.1513.0, AS: 1.305.1513.0, NIS: 1.305.1513.0
引擎版本: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-06 23:54:05.722
Description: Windows Defender 防病毒程序 检测到恶意软件或其他可能不需要的软件。
有关详细信息,请参阅以下内容: https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/STOP.BS!MTB&threatid=2147743901&enterprise=0
名称: Ransom:Win32/STOP.BS!MTB
ID: 2147743901
严重性: Severe
类别: Ransomware
路径: file:_C:\Users\anime\AppData\Local\1799b3a5-159f-4a93-af0d-7c140311156e\tbvgrfced.exe
检测起源: 本地计算机
检测类型: 快速路径
检测源: 实时保护
用户: DESKTOP-E1SJRSE\anime
进程名称: C:\Windows\System32\svchost.exe
安全智能版本: AV: 1.305.1513.0, AS: 1.305.1513.0, NIS: 1.305.1513.0
引擎版本: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-09 18:42:28.744
Description: Windows Defender 防病毒程序 尝试更新安全智能时遇到错误。
新安全智能版本:
以前的安全智能版本: 1.305.1619.0
更新源: Microsoft 更新服务器
安全智能类型: 防病毒
更新类型: 完全
用户: NT AUTHORITY\SYSTEM
当前引擎版本:
上一个引擎版本: 1.1.16500.1
错误代码: 0x80240022
错误说明: The program can't check for definition updates.

Date: 2019-11-09 18:42:28.732
Description: Windows Defender 防病毒程序 尝试更新安全智能时遇到错误。
新安全智能版本:
以前的安全智能版本: 1.305.1619.0
更新源: Microsoft 更新服务器
安全智能类型: 防病毒
更新类型: 完全
用户: NT AUTHORITY\SYSTEM
当前引擎版本:
上一个引擎版本: 1.1.16500.1
错误代码: 0x80240022
错误说明: The program can't check for definition updates.

Date: 2019-11-02 19:23:30.795
Description: Windows Defender 防病毒程序 尝试更新安全智能时遇到错误。
新安全智能版本:
以前的安全智能版本: 1.305.1222.0
更新源: Microsoft 恶意软件防护中心
安全智能类型: 防病毒
更新类型: 完全
用户: NT AUTHORITY\NETWORK SERVICE
当前引擎版本:
上一个引擎版本: 1.1.16500.1
错误代码: 0x8050a003
错误说明: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2019-11-02 19:23:30.794
Description: Windows Defender 防病毒程序 尝试更新安全智能时遇到错误。
新安全智能版本:
以前的安全智能版本: 1.305.1222.0
更新源: Microsoft 恶意软件防护中心
安全智能类型: 反间谍软件
更新类型: 完全
用户: NT AUTHORITY\NETWORK SERVICE
当前引擎版本:
上一个引擎版本: 1.1.16500.1
错误代码: 0x8050a003
错误说明: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2019-11-02 19:23:30.794
Description: Windows Defender 防病毒程序 尝试更新安全智能时遇到错误。
新安全智能版本:
以前的安全智能版本: 1.305.1222.0
更新源: Microsoft 恶意软件防护中心
安全智能类型: 防病毒
更新类型: 完全
用户: NT AUTHORITY\NETWORK SERVICE
当前引擎版本:
上一个引擎版本: 1.1.16500.1
错误代码: 0x8050a003
错误说明: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

CodeIntegrity:
===================================
Date: 2019-11-08 14:30:47.924
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:30:43.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:30:38.824
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-11-08 14:30:33.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:30:30.622
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:30:17.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:27:12.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-08 14:24:37.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.7.0 05/16/2018
Motherboard: Dell Inc.
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 8051.56 MB
Available physical RAM: 3593.69 MB
Total Virtual: 9331.56 MB
Available Virtual: 4099.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.46 GB) (Free:109.49 GB) NTFS

\\?\Volume{d073ac9b-ecb3-4bde-af12-1b2e3e23491c}\ () (Fixed) (Total:0.78 GB) (Free:0.27 GB) NTFS
\\?\Volume{44d4e8b1-d2fe-4442-9da2-613efc72da7f}\ (Image) (Fixed) (Total:10.91 GB) (Free:0.66 GB) NTFS
\\?\Volume{750bb1bf-a234-4be7-a8cc-56e1e86ce989}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ACA86A48)
Partition: GPT.

==================== End of Addition.txt =======================