Thank you so much for your respond!
Below are the scan results:
1) FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by John (administrator) on JOHN-PC (11-09-2015 16:20:27)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-21] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-05] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-03-05] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2012-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2012-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-05] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-09-10] (SUPERAntiSpyware)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-05] (Google Inc.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [i-Shop] => C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe [686080 2015-09-10] ()
HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-03-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 01 C:\windows\system32\Sendori64.dll No File
Winsock: Catalog9-x64 02 C:\windows\system32\Sendori64.dll No File
Winsock: Catalog9-x64 03 C:\windows\system32\Sendori64.dll No File
Winsock: Catalog9-x64 04 C:\windows\system32\Sendori64.dll No File
Winsock: Catalog9-x64 16 C:\windows\system32\Sendori64.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{170F098F-E077-4ADC-AD0F-7E32FA8F39CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{97A1B9F0-F80C-4C79-926C-BA055F9F83CC}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
URLSearchHook: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {7FFB2E2B-038B-492E-BA02-EF781EA7ECBD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {C0C25CA0-78AB-4FCE-AE7B-8C8512083A11} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> D:\IQIYI Video\LStyle\Accelerator\IEHelper.dll [2015-08-04] (爱奇艺)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qcqqjwwq.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2011-08-11] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @talk.google.com/O1DPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-03-05]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-10]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-10]
CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-04-24]
CHR HKLM-x32\...\Chrome\Extension: [nllafhekklanfkimibokomlmidmcmaoi] - C:\Users\John\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-09-10] (SUPERAntiSpyware.com)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-09-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-11 16:20 - 2015-09-11 16:20 - 00025854 _____ C:\Users\John\Desktop\FRST.txt
2015-09-11 16:20 - 2015-09-11 16:20 - 00000000 ____D C:\FRST
2015-09-11 16:19 - 2015-09-11 16:19 - 02190848 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-09-10 22:34 - 2015-09-10 22:34 - 00000336 _____ C:\windows\Tasks\i-Shop Updater.job
2015-09-10 22:27 - 2015-09-10 22:27 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-10 22:27 - 2015-09-10 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-10 22:21 - 2015-09-10 22:21 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2015-09-10 22:21 - 2015-09-10 22:21 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2015-09-10 21:39 - 2015-09-11 16:05 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 21:39 - 2015-09-10 21:39 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-10 21:39 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-10 21:39 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-10 21:39 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-10 21:34 - 2015-09-10 21:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-10 20:19 - 2015-09-10 20:19 - 00003542 _____ C:\windows\System32\Tasks\i-Shop Updater
2015-09-10 20:19 - 2015-09-10 20:19 - 00000000 ____D C:\Program Files (x86)\ishop
2015-09-10 20:17 - 2015-09-10 20:28 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
2015-09-10 20:14 - 2015-09-10 20:14 - 00242752 _____ C:\Users\John\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-10 19:39 - 2015-09-10 19:39 - 00000000 ____D C:\SUPERDelete
2015-09-10 19:24 - 2015-09-11 16:04 - 00001258 _____ C:\windows\setupact.log
2015-09-10 19:24 - 2015-09-10 19:24 - 00000000 _____ C:\windows\setuperr.log
2015-09-10 18:34 - 2015-09-10 18:34 - 00001363 _____ C:\windows\WindowsUpdate.log
2015-09-03 19:09 - 2015-09-04 17:32 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-08-29 08:25 - 2015-09-11 02:46 - 00219986 _____ C:\windows\PFRO.log
2015-08-19 22:19 - 2015-08-19 22:19 - 00000000 _____ C:\windows\SysWOW64\sho15A3.tmp
2015-08-14 21:50 - 2015-08-14 21:50 - 01546880 _____ C:\Users\John\Downloads\PCKeeper Installer.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-11 16:15 - 2012-10-28 19:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-09-11 16:12 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 16:12 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 16:10 - 2009-07-14 01:13 - 00780196 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-11 16:05 - 2012-03-05 10:49 - 07682781 _____ C:\FaceProv.log
2015-09-11 16:05 - 2012-03-05 10:49 - 00000000 ____D C:\ProgramData\VeriFace
2015-09-11 16:05 - 2012-03-05 10:43 - 00431316 _____ C:\windows\system32\fastboot.set
2015-09-11 16:04 - 2009-07-14 01:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-09-11 16:04 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-11 03:26 - 2012-04-24 20:48 - 00000000 ____D C:\Users\John\AppData\Local\Google
2015-09-11 03:19 - 2012-08-26 17:30 - 00000104 _____ C:\ProgramData\SWAPPINFO.ini
2015-09-10 22:27 - 2012-03-05 10:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-10 22:23 - 2012-10-28 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-10 22:08 - 2013-10-31 22:17 - 00000000 ____D C:\Users\John\AppData\Local\NativeMessaging
2015-09-10 22:08 - 2012-10-28 19:22 - 00000000 ____D C:\windows\SysWOW64\WNLT
2015-09-10 21:50 - 2013-01-30 07:13 - 00000000 ____D C:\windows\SysWOW64\ARFC
2015-09-10 21:32 - 2014-01-28 20:20 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA.job
2015-09-10 21:26 - 2012-03-05 10:56 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 20:17 - 2012-10-28 19:23 - 00000000 ____D C:\Users\John\AppData\Roaming\mozilla
2015-09-10 20:08 - 2015-03-19 18:58 - 00000000 ____D C:\qycache
2015-09-10 20:08 - 2012-03-05 10:56 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 19:54 - 2013-11-16 16:51 - 00000000 ____D C:\Users\John\AppData\Local\WhiteListing
2015-09-10 19:44 - 2014-07-17 14:02 - 00000000 ____D C:\Users\John\AppData\Roaming\PPSGame
2015-09-10 19:44 - 2013-07-14 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
2015-09-10 19:41 - 2012-04-24 20:39 - 00001122 _____ C:\Users\John\Desktop\Cyberlink Power2Go.lnk
2015-09-10 19:29 - 2012-08-22 19:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-09 22:32 - 2014-01-28 20:20 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core.job
2015-09-08 21:58 - 2012-10-03 15:31 - 00000000 ____D C:\Users\John\Documents\Youcam
2015-09-06 07:17 - 2014-07-13 09:41 - 00000000 ____D C:\Users\John\AppData\Roaming\SoftGrid Client
2015-08-30 22:27 - 2014-01-28 20:20 - 00003876 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA
2015-08-30 22:27 - 2014-01-28 20:20 - 00003480 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core
2015-08-29 22:21 - 2012-03-05 10:56 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 22:21 - 2012-03-05 10:56 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 01:42 - 2015-03-17 22:34 - 00001266 _____ C:\Users\John\Desktop\全网影视.lnk
2015-08-28 01:42 - 2014-08-19 20:38 - 00001690 _____ C:\Users\John\Desktop\爱奇艺PPS 影音.lnk
2015-08-28 01:40 - 2014-10-17 15:16 - 00000000 ____D C:\Users\John\AppData\Roaming\ppslog
==================== Files in the root of some directories =======
2013-07-14 19:09 - 2013-07-14 19:09 - 0000037 _____ () C:\Users\John\AppData\Roaming\psnetwork.ini
2013-10-16 05:01 - 2013-10-16 05:01 - 0001567 _____ () C:\Users\John\AppData\Local\PDLSetup.20131016.050141.txt
2013-10-16 05:06 - 2013-10-16 05:06 - 0001567 _____ () C:\Users\John\AppData\Local\PDLSetup.20131016.050636.txt
2014-02-18 21:52 - 2014-02-18 21:52 - 0001541 _____ () C:\Users\John\AppData\Local\PDLSetup.20140218.205241.txt
2014-04-12 20:19 - 2014-04-14 16:44 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-26 17:30 - 2015-09-11 03:19 - 0000104 _____ () C:\ProgramData\SWAPPINFO.ini
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\p158_B173.exe
C:\Users\John\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\John\AppData\Local\Temp\_B173.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-06 13:54
==================== End of FRST.txt ============================
1) Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by John (2015-09-11 16:20:51)
Running from C:\Users\John\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-25 00:39:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4069971480-3308628135-3138954169-500 - Administrator - Disabled)
Guest (S-1-5-21-4069971480-3308628135-3138954169-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4069971480-3308628135-3138954169-1002 - Limited - Enabled)
John (S-1-5-21-4069971480-3308628135-3138954169-1001 - Administrator - Enabled) => C:\Users\John
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Citrix Desktop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\store-5c0ec3f7@@Citrix.MPS.Desktop.Farm 1.XD FTL Dedicated:Citrix Desktop $P5254) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
i-Shop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\ishop) (Version: - ishop)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0083 - Realtek Semiconductor Corp.)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Qlik Sense DemoApps (Version: 1.0.1.0 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\{209cb214-bf13-4fbe-ba78-3cb7ae829cc4}) (Version: 1.0.1.0 - QlikTech International AB)
Qlik Sense Desktop (Version: 1.0.1.0 - QlikTech International AB) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6301 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Sendori (HKLM-x32\...\Sendori) (Version: 2.0.19 - Sendori, Inc.) <==== ATTENTION
Shopping Sidekick (HKLM-x32\...\Shopping Sidekick) (Version: 1.24.151.151 - 215 Apps)
Skype 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0000 - SRS Labs, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.0 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
小蒙恬 (HKLM-x32\...\{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}) (Version: 7.2 - 蒙恬科技)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 1.5.12.1411 - 爱奇艺)
爱奇艺影音 (HKLM-x32\...\IQIYI Video) (Version: - 爱奇艺)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
01-08-2015 09:35:51 Scheduled Checkpoint
10-08-2015 13:17:35 Scheduled Checkpoint
30-08-2015 11:53:50 Scheduled Checkpoint
06-09-2015 14:01:23 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {162911A7-2ADD-44A8-A581-E84D09871AA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1BD69E0A-8BD6-4A72-89B7-C566531BE531} - \Cawlez -> No File <==== ATTENTION
Task: {1D873FBC-402C-4C23-BDEE-41A94CBEC2D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2846A99B-BB37-4F9A-9A94-17F068860B1F} - System32\Tasks\i-Shop Updater => Wscript.exe //B "C:\Program Files (x86)\ishop\ishop\1.4.2.4\..\updt.js"
Task: {544556CB-F1AE-47A7-803B-617321294FA3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {5975204B-5414-401F-81A4-D7C5C462B4DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {89ED4089-35F6-4021-A3F2-71DD3E72D8A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {A837A95E-C7B5-44F9-9708-2D3D444FDB97} - System32\Tasks\{4A695FDE-7813-44B5-B286-369FF0F9071B} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {D395164F-864C-42FD-B2AB-43279A9DC7FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E6DF26AC-5426-4EE1-B027-136EEF38AE6E} - System32\Tasks\PPSProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {F7F23992-853B-4C8B-9F1B-C3F08DF8A264} - System32\Tasks\MobProtect => D:\IQIYI Video\LStyle\MobProtect.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\i-Shop Updater.job => Wscript.exe </B C:\Program Files (x86)\ishop\ishop\1.4.2.4\..\updt.js
==================== Loaded Modules (Whitelisted) ==============
2011-09-15 13:46 - 2011-09-15 13:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-16 13:56 - 2011-02-16 13:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-16 14:01 - 2011-02-16 14:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2010-12-14 14:05 - 2010-12-14 14:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2011-11-03 01:32 - 2011-09-25 12:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 13:46 - 2011-09-15 13:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 23:20 - 2012-03-05 11:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-03-05 11:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-03-05 10:47 - 2012-03-05 10:47 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-09-10 20:19 - 2015-09-10 20:19 - 00686080 _____ () C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe
2011-02-16 13:51 - 2011-02-16 13:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-16 13:53 - 2011-02-16 13:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^爱奇艺PPS影音.lnk => C:\windows\pss\爱奇艺PPS影音.lnk.Startup
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HCDNClient => "D:\IQIYI Video\Common\HCDNClient.exe" -shell_start
MSCONFIG\startupreg: PPSDynamicDesktop => D:\PPS.tv\PPSGame\PPSDynamicDesktop.exe
MSCONFIG\startupreg: QyKernel => D:\IQIYI Video\Common\QyKernel.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2EC7D9F6-F820-48CD-B39E-A7FBC50BC4D0}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{2D07C1ED-B2C6-4657-B081-A3F17033D925}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D5C94779-D7F8-4CD9-AEE5-C32224C64DA3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CBA3FB37-E4DA-4D94-A052-444D8F9C2CE9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B5817979-361A-4745-8454-770107BC2106}] => (Allow) LPort=2869
FirewallRules: [{B433CD7E-2515-4EB8-A48E-F996ECD89A86}] => (Allow) LPort=1900
FirewallRules: [{7D6269D5-ADAD-4E31-B23A-E64F4C3100F0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7A9D8E52-516D-4A4A-9268-F277C793EC91}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{078772BC-6C80-49C7-952C-445F023BB0A6}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{DDD00466-1FFE-4082-B3D4-4EE2D4D0FFBA}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{790E5BA2-8A75-459B-B554-C616E6EEC58A}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{EF3073BD-AEBB-4823-9C04-EB2AD0EC0956}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{6502A973-BCCC-49DE-91AE-EF9939522800}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{EDEB2CF8-8244-4777-86E3-3E0EAE51ECBB}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{D28AE547-9DB0-4FB2-8D02-3919BF4DE8DF}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{32D917C7-E24B-4CD0-90CC-F0EA2A992576}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{19530CCE-5E04-455F-AE81-053A0665588E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{6A56AB65-B8E4-4F21-BFC9-5BBC0F146333}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{48DAE4AA-03B7-494A-A6DB-445218C577E2}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{9F397930-B848-43A0-8FAF-34AA08900838}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{EEC34A5F-768A-441C-BE36-0611C54010CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D084E6F8-E980-4FAA-8B83-B29A3B375874}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{4DF505A5-57D5-4A4F-A681-3C346FFF4327}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{037BA245-0CF0-4229-AAF6-642C8D1F309F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1C1A5DB8-72CC-422E-9552-EF94E9719722}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{35646F43-CD2B-4BC8-AE21-860443302BA4}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{95BDDAF8-412A-4B27-B5EB-83251DDE789E}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{03DFA0DF-E5B1-44F6-8D82-898FFDD92966}] => (Allow) D:\PPS.tv\PPStream\PPSProtect.exe
FirewallRules: [{B53B6376-D30E-4D34-A92A-DF70F93B94DF}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{CCD25C93-E555-40CD-B527-92C1B201775D}] => (Allow) D:\PPS.tv\PPSGame\PPSWebClientGame.exe
FirewallRules: [{AFFFBBD7-601C-47D5-AA10-40D2D706ABA7}] => (Allow) D:\PPS.tv\PPSGame\updatermini.exe
FirewallRules: [TCP Query User{13DBBAF6-C38A-48FC-A2B7-9E35DF1B3412}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [UDP Query User{CACD0407-4234-4AB4-8EDF-F84FB2BEDB4A}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [TCP Query User{7ED125F4-6CC8-4C49-A525-80FA3B9B5ADD}D:\pps.tv\ppstream\ppsprotect.exe] => (Block) D:\pps.tv\ppstream\ppsprotect.exe
FirewallRules: [UDP Query User{A155A042-6785-4BDA-9208-29D4E920F92F}D:\pps.tv\ppstream\ppsprotect.exe] => (Block) D:\pps.tv\ppstream\ppsprotect.exe
FirewallRules: [{52ADFB30-107F-4783-A525-0242E7B20E53}] => (Allow) C:\Users\John\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3E83078F-9D76-40A1-9035-FF60E7D04010}] => (Allow) C:\Users\John\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{319A2879-4D00-4C27-8C84-38F78BAA3589}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{A2FFD172-8F19-4B3C-AB40-972D0B2E34BC}] => (Allow) D:\PPS.tv\PPSGame\PPSWebClientGame.exe
FirewallRules: [{0DB98260-5AF3-4D95-BCFF-0A2A5C212AE6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{1CF48AC2-5351-4C38-9E73-10A3F171CEA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{916189F3-596D-4510-B93B-60E86F334D0D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E2B0D2B-7FD4-4AF0-8E0A-507F4CF44494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{76055F4F-E564-4E66-8BC1-7EC8EA4BCDC5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EC3DE66A-1140-4143-AAC6-1997EF07A5A8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A9E341B6-4A7D-4B63-8A24-9E975E5DC753}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{F188961D-25F5-47D5-948E-95D235E7B5F0}] => (Allow) D:\PPS.tv\PPStream\\PPStream.exe
FirewallRules: [{8394A33C-13A4-49E8-AB22-50FD6B97EC94}] => (Allow) D:\PPS.tv\PPStream\\PPSKernel.exe
FirewallRules: [{56A49E2A-31F4-4F73-8882-A93E59521982}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{226D3927-8087-4FCC-830E-055F0F8E744E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B4354BE2-29CA-4B87-B299-BC37745A42B1}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{EA280826-B48A-479B-85EF-DD0E28B16EE3}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{E2934432-54A2-4D74-9CED-5CE9F28005B6}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{503C0B9E-F307-470E-AC3F-E68F5B8E9B5F}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{DE6F54C7-528C-4C66-A81B-D0B4C8E718AB}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{CC2612CC-D0B9-43DD-ABC9-3F424513F5AF}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{74F057E4-FE36-45C6-8F36-87A2E2B7A9AC}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3E9C252A-B8D6-42A8-BEAA-E24E8D4CF99A}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{61835DB6-1271-491E-9D8D-080597CC1EFF}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{7DEF0954-41D0-43BF-8F0E-F4CE3E2BA4B0}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{38D4EB5D-55BC-4EA2-94A7-FBB3F7A0D6B3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2A2A9251-4F82-4732-ADBD-39EE252F542C}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{0DAE1329-099C-4760-9DBD-6613BE73729C}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{DAD14BE1-3CA2-4CAE-97CD-0F76F2708886}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{4936B0C3-A9A3-4B56-ACF0-6EC16F2CF92B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{CAF52348-65DF-4EA2-9B2C-7DE6C428B44D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{035041DD-4864-4A6A-8DB1-E77B4BE0C6F7}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{603A148C-FD5B-4789-A1BD-01F060FDC8AE}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D1E93425-3B60-4191-AA71-4772FA1C1B8B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{237252EB-B9D8-4F86-86B5-2F077623BC91}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{834FAC20-BA91-4493-B173-064098CB5E66}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{D222EC50-4A46-4194-8353-88AC9CE331F0}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DA2BEB14-B0CA-48C5-9872-EE325D22F1C3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{48A99A04-1E30-475F-99AE-080FB9CA5EAE}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{D684DF43-41A0-429C-B9E3-3CA65662AAF7}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{91E2B2F0-540D-42AC-9EC4-53EAE625C699}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{8544F0D7-A388-48F4-86F5-AAA55B47465B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B5AE15C4-5412-44F2-ACD3-DB1B49221E34}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AE212C05-F884-439B-B098-113DE2814F53}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{C2F55D6F-4F09-4ED8-B78E-6C40DCAA7E90}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{53A292CC-C722-4F2F-B2C7-BDEADF26184B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{93F32215-3BF3-4D71-A3EA-D4C9D04FF30D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{F15414FD-3FF0-4A35-AAF9-B4C6C8C9CA49}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F2419724-F656-4B43-B6CB-E8F4B359500D}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2C962BA7-FEB0-4855-AB50-527B08FBF195}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{90CEC9E5-18FF-4B36-B977-84298B6B1825}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{EE49FF0A-425C-4DDC-9F0F-B4C829D754B9}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F6D742CE-A329-4045-A74D-7A5DDCD77B15}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{A16DE384-2FCE-4D60-B9B0-F2BFA9CFD1C6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E738D889-8C82-4979-8BB0-3989ADD33A39}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{C60C37D2-49CA-4BA0-AA77-63F54FDFB331}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{5E88C64C-F581-4191-8553-8BE9B5BF5A42}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{9FEFC855-E653-4053-A6B0-622896438B61}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3B055A12-854B-4BB1-8576-DC1FFB45908C}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{158BBEDE-081D-4CFF-8A28-DC49DD6D5DEF}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{371F4334-7802-468A-BE32-8BD2E30972A8}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{3407005D-634C-4ACA-9F4B-CD2E4910F60A}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{D5D36159-F5F8-4464-9335-5C649A6C5714}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{E03A3963-8DE7-4BCB-A623-2DDA5B212AC6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{EA8D27D3-A57E-45AD-93BE-2BA5640F4409}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D5482564-CD8C-435F-9058-05EE960F9895}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{8305D90C-4C04-4614-A703-CD108551FAC3}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{924C4C6C-2A8C-4FB4-884F-A7F7E4D14B89}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{8E68B901-2942-4D71-A3ED-BF49BBA116CD}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{14BE879B-4C6E-4E03-A2D0-243417F6FAFC}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{ED79B114-280E-4C06-9C55-4D5A882E61E8}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{881AD044-8A21-4914-B5C4-C32401072DEE}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{6B10520C-8A13-4C8F-9987-5A938A9AB9E1}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{75A72C1E-E3BF-4819-A461-E0E8E3D3CCE5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7063F544-BF96-44B5-ACF5-FE6DB604763F}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{1F1D670C-F523-4B1B-BCBA-80A5C0E7E354}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{41DEB2AA-A3E1-4B03-AA47-7EABA370353F}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2B7086FD-895A-47C3-86C8-7F9937629F68}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F0EDC8CA-0EFA-43E9-8D6A-823DCB12AD2B}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{7129A4A5-2B15-4890-A39C-DBEDB2CF1028}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{CA89DC6D-9DB9-426A-837D-7A4B57857523}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2AE8DDFB-3AD3-4A04-A5EC-A41F0F58DACD}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{1668C448-7C1F-4C34-8B80-4C30FEA82669}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{13B6892F-0DD0-47AD-9120-1AA4BEE4F94B}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{FD65B8FE-17D0-4236-A28F-0E79BDE1119F}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{4C916655-174F-4DED-8B54-C799AE799B11}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2EE16ED5-B1B6-4AEC-9818-A8A71F45746D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AC073315-C4DC-49CA-B974-0A039D0B8EA8}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{485E71C0-27F0-490B-AC16-C55D8318E11D}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{45D28550-D153-4D29-8563-10BD8F0518B1}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{AA253A7D-052F-4E8F-8B0F-7B9E4C159E19}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AD4DD67C-6FDA-4727-A62E-3F25407D253E}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{150EA85A-E85C-4DB8-B16C-C80878A0376A}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{1396FA10-CBEE-4F5F-AFDB-829F926F39DE}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{A7E49067-FAFC-4A8D-8237-3B6AD8D59123}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{78ABF01D-2925-4FCF-9E3E-2CBD843B6C5F}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{A22CF6B2-4E35-4DA8-B605-881E8ACD3005}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2858C158-63C7-4E72-9E75-2D8152F13DEF}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{77CF38C4-36F6-4DC9-B51C-46D441618560}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{24405332-07FC-408D-8E0E-BD32B535A8E6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F59B6F2A-FF2C-4C81-994C-7A60674600C9}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DFB336E8-C20B-474A-B209-F694094FAB9D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{05F995FF-6C34-4357-9E07-45C2E40D3AD5}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{CC783157-0E7F-4CAB-AE61-EE10C91A2803}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{C65EF9BF-B2D4-481E-81F1-21D86842CE05}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D1B2A2C5-E379-4A03-B98F-891ECDE159A6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7F83F693-22A6-4CB7-B3BC-80ABEDD77A67}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{4A7D8807-2BEC-47A5-9EAC-CA608776CCEA}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{2403F6E0-2A57-425C-AECC-FB21A0F7ED9C}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DAE8114F-2F5C-4C24-AEE5-238216084B94}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{53E80E42-1A4E-478A-A7FD-803C5A4DB555}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{9FC63176-62D7-4DF9-AD15-3CB11A513ADD}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{56C2309B-BC2F-4003-A209-A5B7999F2AA6}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{FBA73724-2098-4BDD-9B1F-47842AEC9960}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{C0FA35E4-01AF-4C93-B089-EA05879979EA}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{B16E443C-13B4-44A7-9285-685F4D444864}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{87FDCB3E-69FA-42CB-AEB7-F8884701AF0F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{4676017F-9044-474E-852A-FD1D9A4DA364}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E903CD47-2DD3-4228-8476-E865C8C20FC0}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{820AD292-55EA-4859-AD7A-D8DD6785C293}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{55692520-A9BC-41C2-ADC3-753027AA0268}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{2F7975EA-83AF-4BA4-AF44-1DC2AD3A3BDD}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{43457AE7-C298-4366-A141-73FCD10C5BE4}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0F5F066E-997A-42B3-A897-3F83A705B4F7}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{0996FDFB-0FA0-4DF0-A208-A7D6DB07A410}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{363972CC-D0D5-4CA3-97A4-BB375084E104}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{C37BFC1E-8EAB-4E4F-BDD6-C07163175775}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{98760E0D-30E6-47DB-BBD1-E2CAFC7BE1BE}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{DDB667BC-64D4-4E1B-904A-B73A409613B0}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{CF9DAF48-74BA-4C66-8F78-0E914D889C53}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{25664998-9FA6-4A8B-8AF3-B0EBA5BE8232}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{A0F58A62-B1EA-4ACD-B7C3-03B6590BD6B8}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{B8046E98-8E43-4AAC-946E-415663E1FC85}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{9DFD8732-C901-40AD-91FF-C96359D5B40C}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3AEBA203-F34F-473C-A45F-D566A2AD4DE7}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{99E4D4B5-7BDC-41AB-AF11-0674D4158F8E}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A04758F9-2DDB-493C-8BD7-0F6B5CE6BCF2}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{AAD2114F-67ED-494B-8749-1E5ED233AA83}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{86BBBEDA-89CD-44C4-9BBC-81DA4DDAFBC1}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{E922AEF0-1706-466A-9FD0-036583A52A2E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{1AF6413B-0E66-4492-94CB-6C6923835A62}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{9E4B3072-8FD4-4F87-953B-36C24061397D}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{B1C1D295-33DB-401B-BD56-20C42345359F}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{3932321D-B459-47AB-BACF-0FC3D8F67075}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{727DEBE1-F8C7-48D7-A5E0-D0EF0CCF0D7F}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{D49D0052-6CB1-4E22-86C8-FB0FAE85A561}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{000BE1C0-1673-44AD-8BD4-D4F86FED3DA9}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{85D08086-7572-485C-9FC6-1A4F30275103}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{1B57F466-0157-4A78-94A8-390C592F3314}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{3B95E759-11CB-47BD-AF0C-0CB5D58A17F4}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{4168771A-A85D-4279-AC4D-6C72AE792D82}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{A3E189D2-1DB6-4A11-8D31-8F5996C5A844}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{7C304374-E465-426B-997D-4B6E599729B6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{C3BCC41B-599B-41E1-87D9-55B6C6EB8D79}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{58060540-AD83-46AE-A26F-D35E596D775D}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{5B740099-D281-41C2-B7D5-C3EDA97F2AF2}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{89F82812-15F3-4F8C-849A-47E9F5A00E5A}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{42EF8361-BA49-4F6A-92B4-A018EC1FC42E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{B541ABFD-1098-48FA-8195-2BD99214318E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{674D0FE1-3697-43B3-AB1F-CC77B104C0B4}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8C9EB44B-0343-46DF-A5E6-20AF8B1F8CF3}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{81C7909A-0C6E-415C-ABA0-3ADA17431684}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{79F128D5-B8CF-47F5-894A-585E380DA7E6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{9C522A48-DED9-43B8-92E9-F0FDFC4BFA59}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{ED75B20B-1AC8-4444-895D-D5E566BB6856}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{8CF9EABF-978A-451D-83EB-57959E47E7B2}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{BF244DFE-C2BA-435F-ACC1-1CF24C9FA173}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{AA84BEA5-772C-4CB2-AD5C-1800426B5CD3}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{6C422165-BF7B-4B07-BC1F-E42071FC86E1}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [TCP Query User{E965922E-B76C-40B4-A3AD-B5AD409855F7}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{96418A2E-0C81-40F2-8E74-75D100264ACE}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [{54887585-D538-4783-916D-35918A0E66A6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{BB3E0874-942C-40B3-BADC-3320B1ED004E}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{888C2C80-401C-43BD-A354-1D4AB784D558}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [{FF0A7CF6-693F-4E9A-943D-0608CB773718}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{6F9A393B-AA84-4911-8C37-A9C8CC2FDEE2}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{00745610-8EA2-4C5A-A6F1-5F3B08ABDFD9}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8F547FB2-120F-4624-B674-151B2776C42A}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{87955361-CFC6-4BD7-836D-588BA96B6B64}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{4963C7F1-7B65-4C31-B563-D239F6713E22}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{343BD42A-54CA-4EB8-8020-D5F519C18FBA}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{7786E097-ED51-40D7-93F9-21C4E2610A07}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{83AEFDF8-B97F-4C6A-8575-72AD7A49D05F}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7F15C5F2-3674-47E1-88A5-078B24D98E87}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8B67CC9E-D74E-4625-9657-39D64164DEAC}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{AAA81385-286C-42A4-B331-D01748BF3345}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{91C9A7E0-FFB2-4F40-B587-00CB45199F27}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C1B72161-42C3-41F2-84BB-34D671115846}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{1EB16FEC-53A3-4F11-A4BB-FB98989C98F3}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{C5488953-B319-4521-BC19-CF6FAAD202C5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{165AD64E-0BE6-4B53-AFB5-E0257C9DDF4A}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{897BB750-C528-42B0-A579-6BAB07A588F5}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{48FD5F8C-086A-4780-A581-15DC321E7820}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{5C634982-20AF-425A-B0AA-0616230AFD21}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{0A9C4696-85B2-42AE-8E88-B86A1883A6C0}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D55130F2-1A21-4E15-8C04-3B1FDCA8BB91}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{61B7B01C-38F3-47A4-B5A4-3BD1F51B887C}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3D0BD9B2-1EF1-437B-A47C-BF70DCD21EB7}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{C193FB26-8691-4129-805C-51BEE3E10541}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{B80555C2-9B31-448C-AD43-0292DAFFC38D}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{D2434ED4-7203-4E58-8005-CE61D4A0CE95}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{686BFADA-AA80-4D49-B697-93078FFF7355}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{E717C7C8-D8CA-47BA-873C-8C03374473CD}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{97553BD5-A992-4EF9-BA55-ADC938C6251C}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B1501D85-9D2C-4037-98B1-DC227171F825}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{DCB99D09-9AEF-43BF-AF1F-D7A8FFA12ED0}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{3AC4DB11-B512-457A-9D60-199FF386D473}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{0BF6E69B-5AA9-4F16-8239-D0C7CB6E75D7}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{A2E3050C-17A5-44BA-939E-49B8D24D71E6}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{315944B2-FCC2-417A-B3FD-99D0321AEC4B}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3BBEA215-1CE1-4F6E-8336-A0E52DFB81E7}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{D1BA8A8A-E1E3-40B1-A200-BBDADE2526BA}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{B14B6BEE-09DD-4610-B216-79FE6429CB65}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{84391036-FB83-46DF-B24E-BF166B4D2662}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{5429C4E0-583E-43C7-9397-963791405432}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{31F87FAB-FDAF-4C84-9D14-055C08769FCF}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{9277EFBF-3108-45D3-BF8E-97E920C40D2F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{89C90EDA-F6D6-4F28-889E-CD826E654BA3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2FEF9E80-BBF6-4E98-9291-929E1E1EFB79}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{EB4C5E36-F897-40D0-B6C9-02333229B9B7}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{91B93E8E-2B28-4081-920B-0234B7632C7D}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{B38E4BF1-E06E-4BD2-AA24-7D604963EB01}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{93B0C419-6A95-46C1-A170-DB50C78D4DDF}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D847A683-9B02-401A-888E-D4A5A182A8BE}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{AEE8384D-7C0C-4B67-9107-DC635162480D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F2F7A583-0BEE-434E-9329-6E6D1F40D9A5}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{F4F05C39-890A-456D-882E-2B274E20E78A}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{C8A0BE83-21E7-497B-BEF6-0B66498FA2A0}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{45A9D279-35A3-47D1-9898-736245C2A6F4}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{39CACAAD-E5B9-4EEF-BA58-964F9F99195B}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A08BA0E0-EBD6-4A95-8E8C-6060C6F88465}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{28A5857A-7020-43DD-9E81-B96426EA6C44}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{5FFE77DE-8280-4E72-8C62-CBC1925EBFDD}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{03150517-6528-453F-9993-88154F79A55D}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{45F7BDDE-AB15-4A4F-8956-84665C063515}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{D501765F-49D0-4917-A48E-EFE510EA137D}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{DDD4F073-570A-4A81-ADB9-68703DC7CCEE}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{CAD55706-A491-4592-8DE7-0873B2B27158}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{BB4CEDDA-F467-402C-B520-4C787F200682}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{357B45AF-A107-428E-A4EA-0A705EDB5E5F}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{9FE8D019-5C4A-4180-ADB2-87B5CC6FF530}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{529329C9-FCEE-4B3E-9E36-94A933F20C33}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{DCBFBC40-512D-4DB4-931F-722F21484268}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{41A8C103-BE63-4112-8EAF-766ED1BCAAD1}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{08CD902C-EC01-4BF6-921B-50ED835E548E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{A6EC8B64-4A29-4891-9852-04C035DBBE91}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E3FADE66-D5CA-4042-AA9C-5509919E690E}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{1C01AB2F-C1B2-4974-B433-7631CB7B8FBC}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{6F0F10EC-A3AD-4B2A-8CA7-000535DE5B83}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{927FE9EB-BE45-4E0B-B5A8-389F98087287}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{D9E6B762-D6D3-4E54-AFC8-190A02CFC05D}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{9C1FDFAD-039C-4A2B-AAB6-CD0BD841EA59}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{9B777EA2-0F10-4D8F-A2A3-B32F808069EF}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7AD636D6-5C8A-48BA-9634-8B54FE3BAE80}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{84674CEE-CD8F-4131-87A1-D2010C128901}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{350FCAD8-FEA0-4A04-8EA6-0F626B554177}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{E1EBE0D3-169F-4CCB-AB3F-B7DE4C945E32}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{359702FF-14BD-4C57-B0EC-B5234D214A71}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{267F256C-7BBE-4B46-AD79-8248037C329D}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{04FC491D-12DC-4DF4-87EA-8F0451074D6E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F7BF3B96-3A8E-4EAF-A30E-53C88E96FE30}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{EA4138D2-8C1F-4447-9646-4FBB481CFD0E}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{A600B8B6-7C57-40C6-9BFF-128A43598E6C}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{A2DC0E9D-CF98-4ECD-8EA6-22384C16D87A}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C7034E21-9173-4148-AC11-8C58FEED2EF9}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{05E832F0-AB71-4393-AEF4-B6F17AE85C6A}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [UDP Query User{05C22438-C1B9-4C67-99BE-0254A9FF1ED6}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [{770E7CF2-D677-4F38-8494-79DFEC2F2D1A}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{440AB4A9-B221-4F22-A84B-67D4C6425CD5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F46B5498-D455-466D-B3C7-E3D0F2B08444}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{81F37FEA-9FC2-4811-BD2B-C1F0ABF74C74}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{B72502FE-54C4-457B-95A6-5D53C205EFE9}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{58067095-87BB-47C8-94B4-F4A59A4CB949}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{00B92FD7-8A92-4A68-A6EE-701CEFBD13DA}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{AA74ACB3-14AA-4C87-B4CF-9D338A8452A5}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{BECFA074-41DC-4804-A9B5-0123D6C3FFEB}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{559D8F79-E19A-4551-995A-2AB13B7CB785}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3ADEE506-69EC-4502-86F8-5E44D2F4CEE9}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{4441E2D6-850A-4817-8BC3-D7C22BF4ACA2}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8238BC37-2487-43B1-96AC-D157A9A5CF47}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{FB4DA647-B1BC-42CB-A3D1-CD9BD965FD04}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{1FE93857-7709-4280-B731-08A7A01A187E}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D1D92B4E-6E4C-4F37-B734-63790BF0C1C3}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{77B51056-B2BB-4506-A9A3-DAA521562C92}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{AAD9D627-057E-4A4B-9741-D1396B845389}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{2B9ABD60-4577-4104-A7E3-E2EBB2D43815}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{945288B9-DA7E-405C-9A76-2379ED92873B}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{C98DD76D-A24E-466C-B48F-D386CACBD764}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{3332FECE-86F2-4A81-87A9-F02670402796}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C1994233-9ED9-41E2-9C92-8C52688B41B3}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A1BA0C02-2DA7-4C90-A5D5-00E48CBB1D6F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{87AC920B-4ABD-426C-BB57-A087B78D188D}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{CF2A045A-0AB5-4973-A8E6-16AE63325077}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{29FF5434-8F06-46B5-B257-4D0CEF51DEBD}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E7623A0D-7032-44E4-A635-2CC569CAA811}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{96082AB6-D534-4DE0-B116-B288756F7AE8}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{24D7F765-FB7E-49C6-BB79-5DF0DD8958E9}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{DA32121D-C82A-441B-9EB4-36534304ED84}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{4254E157-1AAE-4C94-8ACB-5046AB1B111D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{618DD568-8D91-4ABF-A1D2-C3996A9AD691}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{E185A419-1D56-4240-9EBB-F482616DA29C}] => (Allow) D:\IQIYI Video\LStyle\QyMiniPlayer.exe
FirewallRules: [{BE8F4DDE-5BC9-4609-A002-A4795ABCE61E}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A0D0C524-4806-4B6E-8FD3-3FE1AAA3160A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/11/2015 04:16:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
Error: (09/11/2015 04:04:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/11/2015 04:04:37 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (09/11/2015 03:42:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/11/2015 03:41:37 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (09/11/2015 02:59:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
Error: (09/11/2015 02:47:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/11/2015 02:47:04 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (09/10/2015 10:25:54 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
Error: (09/10/2015 10:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/11/2015 04:21:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:21:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (09/11/2015 04:20:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8096.58 MB
Available physical RAM: 5457.58 MB
Total Virtual: 16191.34 MB
Available Virtual: 13395.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:420.33 GB) (Free:362.76 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.48 GB) (Free:27.46 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F3F6059F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End of Addition.txt ============================