Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My browser hyperlinks are being hijacked


  • Please log in to reply

#1
one8421

one8421

    New Member

  • Member
  • Pip
  • 2 posts

I use Chrome for surfing. When I am surfing some of my favorite websites, upon clicking on the hyperlinks, a new tab opens with content totally unrelated to the hyperlink I clicked and the webpage shown up is random in nature.

 

I have tried AVG to scan it but it couldn't fix anything. Please help me to fix this annoying problem.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Tommy (administrator) on TOMMY-CYHL (19-02-2016 11:08:17)
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy (Available Profiles: Sales & Mice & Tommy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: 中文 (繁體,香港特別行政區)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Sysinternals - www.sysinternals.com) C:\HoFai\User\Downloads\ProcessExplorer\PROCEXP64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2822896 2014-11-11] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555760 2015-01-07] (Lenovo.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\MountPoints2: {5a50a3c8-ee77-11e3-8d62-806e6f6e6963} - Q:\LenovoQDrive.exe
IFEO\taskmgr.exe: [Debugger] ""
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll [669200 2014-12-15] ()
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PROCEXP64.lnk [2014-07-01]
ShortcutTarget: PROCEXP64.lnk -> C:\HoFai\User\Downloads\ProcessExplorer\PROCEXP64.exe (Sysinternals - www.sysinternals.com)
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\傳送至 OneNote.lnk [2015-12-07]
ShortcutTarget: 傳送至 OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51933;https=127.0.0.1:51933
AutoConfigURL: [S-1-5-21-2358282901-2216686757-310477945-1002] => hxxp://unblockservice.com/wpad.dat?6fd99ebf331b46d89650e010543836265513547
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{719C6539-E8A8-48C3-8133-3AB3AF45091F}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D1F75303-6BB9-4D6E-8463-34DFF4183558}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=208&itype=a&ver=15005&tm=471&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=208&itype=a&ver=15005&tm=471&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {453C2588-C72C-4F17-B319-A519AE9CD83C} URL = 
SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {9BF6BA7C-CE25-4AC6-B1CF-56023CF1EDD8} URL = hxxps://hk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://hk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://hk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 文件) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google 雲端硬碟) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google 文件離線版) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome 線上應用程式商店付款系統) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-06-18] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-08-15] (Lenovo)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-11] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-16] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59384 2013-07-17] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [138744 2013-07-17] (Lenovo Group Limited)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)
S4 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S4 SmdmFService2; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-09] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [54000 2013-08-15] (Windows ® Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-04-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-04-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-04-16] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3437848 2015-03-13] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-11] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-09] (ThinkVantage Communications Utility)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-02-19] ()
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 11:08 - 2016-02-19 11:09 - 00024483 _____ C:\Users\Tommy\Desktop\FRST.txt
2016-02-19 11:08 - 2016-02-19 11:08 - 00000000 ____D C:\FRST
2016-02-19 11:05 - 2016-02-19 11:06 - 02371072 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2016-02-19 10:58 - 2016-02-19 10:58 - 20945480 _____ C:\Users\Tommy\Downloads\RogueKiller.exe
2016-02-19 10:39 - 2016-02-19 10:39 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2016-02-19 10:35 - 2016-02-19 10:35 - 01897072 _____ (Kaspersky Lab) C:\Users\Tommy\Downloads\kav16.0.0.614en_8368 (2).exe
2016-02-19 10:35 - 2016-02-19 10:35 - 01897072 _____ (Kaspersky Lab) C:\Users\Tommy\Downloads\kav16.0.0.614en_8368 (1).exe
2016-02-19 10:33 - 2016-02-19 10:33 - 01897072 _____ (Kaspersky Lab) C:\Users\Tommy\Downloads\kav16.0.0.614en_8368.exe
2016-02-18 16:01 - 2016-02-18 16:01 - 02670216 _____ C:\Users\Tommy\Downloads\install.exe
2016-02-18 08:55 - 2016-02-18 09:03 - 00292360 _____ C:\Windows\ntbtlog.txt
2016-02-17 12:09 - 2016-02-17 12:09 - 00002464 _____ C:\Windows\System32\Tasks\0116pizUpdateInfo
2016-02-17 12:08 - 2016-02-17 12:10 - 00000346 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-17 12:08 - 2016-02-17 12:08 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-17 12:07 - 2016-02-17 12:07 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\AVG
2016-02-17 12:06 - 2016-02-19 10:32 - 00000000 ___HD C:\$AVG
2016-02-17 12:02 - 2016-02-19 10:43 - 00000000 ____D C:\Users\Tommy\AppData\Local\AvgSetupLog
2016-02-17 12:02 - 2016-02-19 10:38 - 00000000 ____D C:\Users\Tommy\AppData\Local\Avg
2016-02-17 12:02 - 2016-02-17 12:02 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tommy\Downloads\AVG_Protection_Free_698.exe
2016-02-16 16:16 - 2016-02-16 16:16 - 00000000 ____D C:\Users\Tommy\AppData\Local\CEF
2016-02-15 15:43 - 2016-02-16 16:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-15 15:43 - 2016-02-15 15:43 - 00002058 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-15 12:54 - 2016-02-15 12:55 - 06828320 _____ (Piriform Ltd) C:\Users\Tommy\Downloads\ccsetup514.exe
2016-02-15 12:14 - 2015-12-17 02:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-15 12:14 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-15 12:14 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-15 12:14 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-15 12:14 - 2015-12-17 02:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-15 12:14 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-15 12:14 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-15 12:14 - 2015-12-17 02:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-15 09:05 - 2016-01-08 01:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-15 09:04 - 2016-02-06 18:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-15 09:04 - 2016-02-06 18:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-15 09:04 - 2016-02-06 18:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-15 09:04 - 2016-02-06 18:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-15 09:04 - 2016-02-06 18:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-15 09:04 - 2016-02-06 18:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-15 09:04 - 2016-02-06 17:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-15 09:04 - 2016-02-06 17:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-15 09:04 - 2016-02-06 17:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-15 09:04 - 2016-02-06 17:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-15 09:04 - 2016-02-06 17:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-15 09:04 - 2016-02-06 17:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-15 09:04 - 2016-02-06 17:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-15 09:04 - 2016-02-06 16:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-15 09:04 - 2016-01-23 04:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-15 09:04 - 2016-01-23 04:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-15 09:04 - 2016-01-22 14:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-15 09:04 - 2016-01-22 14:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-15 09:04 - 2016-01-22 14:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-15 09:04 - 2016-01-22 14:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-15 09:04 - 2016-01-22 14:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-15 09:04 - 2016-01-22 14:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-15 09:04 - 2016-01-22 14:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-15 09:04 - 2016-01-22 14:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-15 09:04 - 2016-01-22 14:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-15 09:04 - 2016-01-22 14:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-15 09:04 - 2016-01-22 14:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-15 09:04 - 2016-01-22 14:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-15 09:04 - 2016-01-22 14:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-15 09:04 - 2016-01-22 14:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-15 09:04 - 2016-01-22 14:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-15 09:04 - 2016-01-22 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-15 09:04 - 2016-01-22 14:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-15 09:04 - 2016-01-22 14:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-15 09:04 - 2016-01-22 14:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-15 09:04 - 2016-01-22 14:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-15 09:04 - 2016-01-22 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-15 09:04 - 2016-01-22 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-15 09:04 - 2016-01-22 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-15 09:04 - 2016-01-22 14:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-15 09:04 - 2016-01-22 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-15 09:04 - 2016-01-22 13:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-15 09:04 - 2016-01-22 13:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-15 09:04 - 2016-01-22 13:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-15 09:04 - 2016-01-22 13:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-15 09:04 - 2016-01-22 13:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-15 09:04 - 2016-01-22 13:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-15 09:04 - 2016-01-22 13:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-15 09:04 - 2016-01-22 13:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-15 09:04 - 2016-01-22 13:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-15 09:04 - 2016-01-22 13:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-15 09:04 - 2016-01-22 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-15 09:04 - 2016-01-22 13:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-15 09:04 - 2016-01-22 13:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-15 09:04 - 2016-01-22 13:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-15 09:04 - 2016-01-22 13:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-15 09:04 - 2016-01-22 13:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-15 09:04 - 2016-01-22 13:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-15 09:04 - 2016-01-22 13:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-15 09:04 - 2016-01-22 13:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-15 09:04 - 2016-01-22 13:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-15 09:04 - 2016-01-22 13:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-15 09:04 - 2016-01-22 13:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-15 09:04 - 2016-01-22 13:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-15 09:04 - 2016-01-22 13:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-15 09:04 - 2016-01-22 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-15 09:04 - 2016-01-17 03:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-15 09:04 - 2016-01-17 03:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-15 09:04 - 2016-01-17 02:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-15 09:04 - 2016-01-12 03:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-15 09:04 - 2016-01-12 03:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-15 09:04 - 2016-01-12 03:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-15 09:04 - 2016-01-12 02:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-15 09:04 - 2016-01-12 02:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-15 09:04 - 2016-01-12 02:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-15 09:04 - 2016-01-12 02:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-15 09:04 - 2016-01-12 02:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-15 09:04 - 2016-01-12 02:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-15 09:04 - 2016-01-12 02:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-15 09:04 - 2016-01-12 02:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-15 09:04 - 2016-01-12 02:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-15 09:04 - 2016-01-12 02:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-15 09:04 - 2016-01-12 02:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-15 09:04 - 2016-01-12 02:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-15 09:04 - 2016-01-12 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-15 09:04 - 2016-01-11 22:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-15 09:04 - 2016-01-11 22:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-15 09:04 - 2016-01-11 22:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-15 09:04 - 2016-01-11 22:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-15 09:04 - 2016-01-11 22:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-15 09:04 - 2016-01-08 01:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-15 09:04 - 2016-01-07 03:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-15 09:04 - 2016-01-07 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-15 09:04 - 2016-01-07 02:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-15 09:04 - 2015-12-21 02:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-15 09:04 - 2015-12-21 02:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-15 09:04 - 2015-12-20 22:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-15 09:03 - 2016-01-22 14:32 - 05552576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-15 09:03 - 2016-01-22 14:32 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-15 09:03 - 2016-01-22 14:32 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-15 09:03 - 2016-01-22 14:32 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-15 09:03 - 2016-01-22 14:30 - 01733080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-15 09:03 - 2016-01-22 14:30 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-15 09:03 - 2016-01-22 14:28 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 01213952 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-15 09:03 - 2016-01-22 14:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-15 09:03 - 2016-01-22 14:27 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-15 09:03 - 2016-01-22 14:27 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-15 09:03 - 2016-01-22 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-15 09:03 - 2016-01-22 14:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-15 09:03 - 2016-01-22 14:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-15 09:03 - 2016-01-22 14:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 14:12 - 03998656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-15 09:03 - 2016-01-22 14:12 - 03943360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-15 09:03 - 2016-01-22 14:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-15 09:03 - 2016-01-22 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-15 09:03 - 2016-01-22 14:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-15 09:03 - 2016-01-22 14:07 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-15 09:03 - 2016-01-22 14:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-15 09:03 - 2016-01-22 14:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-15 09:03 - 2016-01-22 14:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-15 09:03 - 2016-01-22 14:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-15 09:03 - 2016-01-22 14:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-15 09:03 - 2016-01-22 14:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-15 09:03 - 2016-01-22 14:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-15 09:03 - 2016-01-22 14:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-15 09:03 - 2016-01-22 14:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-15 09:03 - 2016-01-22 14:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-15 09:03 - 2016-01-22 14:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-15 09:03 - 2016-01-22 14:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 13:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-15 09:03 - 2016-01-22 13:03 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-15 09:03 - 2016-01-22 13:02 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-15 09:03 - 2016-01-22 13:02 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-15 09:03 - 2016-01-22 12:56 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-15 09:03 - 2016-01-22 12:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-15 09:03 - 2016-01-22 12:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 12:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 12:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-15 09:03 - 2016-01-22 12:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-15 09:03 - 2016-01-17 02:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-15 09:02 - 2016-01-22 14:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-15 09:02 - 2016-01-22 14:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-15 09:02 - 2016-01-22 14:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-15 09:02 - 2016-01-22 14:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-15 09:02 - 2016-01-22 14:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-15 09:02 - 2016-01-22 13:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-15 09:02 - 2016-01-22 13:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-15 09:02 - 2016-01-22 13:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-02 16:46 - 2016-02-02 16:46 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\SimpleFiles
2016-02-02 16:45 - 2016-02-17 13:35 - 00000000 ____D C:\Program Files (x86)\SimpleFiles
2016-01-25 03:45 - 2016-01-25 03:45 - 00170696 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2016-01-25 03:45 - 2016-01-25 03:45 - 00081096 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2016-01-25 03:45 - 2016-01-25 03:45 - 00072808 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2016-01-25 03:45 - 2016-01-25 03:45 - 00050888 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2016-01-21 10:41 - 2016-01-21 10:41 - 00000000 ____D C:\Users\Tommy\AppData\Local\YSearchUtil
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 11:08 - 2009-07-14 12:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-19 11:08 - 2009-07-14 12:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-19 10:43 - 2014-07-03 10:58 - 00000000 ____D C:\ProgramData\AVG
2016-02-19 10:39 - 2014-07-01 12:21 - 00000538 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 10:39 - 2014-06-08 03:55 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-02-19 10:38 - 2014-07-03 10:30 - 00000000 ____D C:\ProgramData\MFAData
2016-02-19 10:38 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-19 10:24 - 2014-10-10 17:15 - 00000526 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-19 10:20 - 2014-07-01 12:21 - 00000542 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 17:35 - 2014-08-12 11:27 - 00000000 ____D C:\Users\Tommy\AppData\Local\CutePDF Writer
2016-02-18 15:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-02-18 13:11 - 2014-08-19 11:57 - 00000000 ____D C:\Users\Tommy\AppData\LocalLow\SogouPY
2016-02-18 10:08 - 2014-06-08 02:31 - 00392826 _____ C:\Windows\system32\prfh0404.dat
2016-02-18 10:08 - 2014-06-08 02:31 - 00114958 _____ C:\Windows\system32\prfc0404.dat
2016-02-18 10:08 - 2009-07-14 13:13 - 01288506 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-18 10:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-02-18 08:53 - 2016-01-12 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-18 08:53 - 2014-06-21 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 16:13 - 2014-12-27 08:39 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-16 15:29 - 2014-07-01 00:41 - 00000000 ____D C:\Users\Tommy\AppData\Local\Lenovo
2016-02-16 15:29 - 2014-06-08 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-16 15:29 - 2014-06-08 03:24 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-15 15:49 - 2015-01-16 12:22 - 00000000 ____D C:\ProgramData\Oracle
2016-02-15 15:48 - 2015-01-16 13:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-15 15:47 - 2015-11-24 09:29 - 00000000 ____D C:\Users\Tommy\.oracle_jre_usage
2016-02-15 15:47 - 2015-01-16 13:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-15 15:46 - 2014-07-28 14:54 - 00000000 ____D C:\Users\Tommy\AppData\Local\Adobe
2016-02-15 15:46 - 2014-07-01 00:41 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Adobe
2016-02-15 15:43 - 2014-06-08 03:35 - 00000000 ____D C:\ProgramData\Adobe
2016-02-15 15:43 - 2014-06-08 03:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-15 12:56 - 2014-08-29 13:40 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-15 12:42 - 2009-07-14 12:45 - 00472992 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-15 12:39 - 2014-12-10 11:45 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-15 12:39 - 2014-06-21 11:21 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-15 12:39 - 2013-02-12 02:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-15 12:37 - 2014-07-01 01:32 - 00000000 ____D C:\Windows\system32\MRT
2016-02-15 12:32 - 2014-07-01 01:32 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-15 12:23 - 2014-06-08 03:20 - 01267996 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-15 10:49 - 2014-07-01 00:40 - 00000000 ____D C:\Users\Tommy
2016-02-15 10:24 - 2014-10-10 17:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-15 10:24 - 2014-10-10 17:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-15 10:24 - 2014-10-10 17:15 - 00003464 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-15 09:23 - 2014-07-01 12:21 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-15 08:41 - 2014-07-23 13:27 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-02-15 08:41 - 2014-07-23 13:27 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-02-15 08:40 - 2014-07-24 08:48 - 00025262 _____ C:\IFRToolLog.txt
2016-02-02 09:15 - 2014-07-01 12:21 - 00003538 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 09:15 - 2014-07-01 12:21 - 00003286 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 08:55 - 2014-06-08 03:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-30 08:53 - 2014-06-08 03:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-29 09:43 - 2014-10-09 08:46 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\LSC
2016-01-21 10:38 - 2015-01-16 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
==================== Files in the root of some directories =======
 
2014-07-01 00:41 - 2014-09-01 12:35 - 0003902 _____ () C:\Users\Tommy\AppData\Roaming\AbsoluteReminder.xml
2014-08-12 17:35 - 2014-08-12 17:36 - 0034104 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20140812.173510.wdl
2015-11-09 08:44 - 2015-11-09 08:44 - 0010332 _____ () C:\Users\Tommy\AppData\Local\WiDiUtilsLog.20151109.084447.wdl
2014-06-08 03:31 - 2014-06-08 03:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-08 03:40 - 2014-06-08 03:40 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-06-08 03:37 - 2014-06-08 03:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-08 03:38 - 2014-06-08 03:39 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-06-08 03:39 - 2014-06-08 03:40 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
 
Some files in TEMP:
====================
C:\Users\Sales\AppData\Local\Temp\_isB106.exe
C:\Users\Sales\AppData\Local\Temp\_isC7A1.exe
C:\Users\Sales\AppData\Local\Temp\_isFD61.exe
C:\Users\Tommy\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 14:19
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Tommy (2016-02-19 11:09:42)
Running from C:\Users\Tommy\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-06-20 16:52:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2358282901-2216686757-310477945-500 - Administrator - Disabled)
Guest (S-1-5-21-2358282901-2216686757-310477945-501 - Limited - Disabled)
Mice (S-1-5-21-2358282901-2216686757-310477945-1001 - Limited - Enabled) => C:\Users\Mice
Sales (S-1-5-21-2358282901-2216686757-310477945-1000 - Administrator - Enabled) => C:\Users\Sales
Tommy (S-1-5-21-2358282901-2216686757-310477945-1002 - Administrator - Enabled) => C:\Users\Tommy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Able2Extract Professional 8.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BED}_is1) (Version: 8.0 - Investintech.com Inc.)
Adobe Acrobat Reader DC - Chinese Traditional (HKLM-x32\...\{AC76BA86-7AD7-1028-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bridgemate II USB Server Driver (HKLM\...\{62497BE5-FC35-4EE6-8D5F-1A1D6B97324D}) (Version: 1.7.0 - Bridge Systems BV)
Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5428.52 - CyberLink Corp.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Books Downloader version 2.6 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.6 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Icecream PDF Split and Merge version 1.08 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.08 - Icecream Apps)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10224 - Realtek Semiconductor Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel® PROSet/無線軟體 (HKLM-x32\...\{12e0ee45-4218-4b40-aa8f-6d86d214bdae}) (Version: 17.1.1 - Intel Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.17.0 - Lenovo)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
Lenovo QuickCast (HKLM-x32\...\Lenovo QuickCast_is1) (Version: 2.0.10.0 - Lenovo Group Limited)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0005.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech WebCam Driver (HKLM\...\Logitech WebCam Driver) (Version:  - )
Magic Contest (HKLM-x32\...\{290EAC94-719C-421A-9BA7-5B366F0D79D0}) (Version: 4.10.0 - Brenning Data)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 - zh-tw (HKLM\...\O365HomePremRetail - zh-tw) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 zh-TW) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 zh-TW)) (Version: 38.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.60.00 - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.1.1.1 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SetupCrystalReportsClientXIR2 (HKLM-x32\...\{A0912B60-2587-457E-8345-0D820EEA6C6F}) (Version: 1.0.0 - Microsoft)
Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version:  - Silicon Laboratories)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.99 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.05.00 - Lenovo)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
Windows 驅動程式封裝 - Microchip Technology, Inc. (usbser) Ports  (11/15/2007 5.1.2600.0) (HKLM\...\0C48B1EC5F3EB051F9D1A26322453AE0C48E5883) (Version: 11/15/2007 5.1.2600.0 - Microchip Technology, Inc.)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
搜狗拼音输入法 7.8正式版 (HKLM-x32\...\Sogou Input) (Version: 7.8.0.7088 - Sogou.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2358282901-2216686757-310477945-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tommy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2358282901-2216686757-310477945-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tommy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {30B39D14-3351-4239-A850-BC4ECE2514E5} - System32\Tasks\{693B558E-84D7-47BE-BC71-B94EBAC4FF66} => E:\LaunchU3.exe
Task: {420F6BC9-A0B6-450C-B3A1-016A62E7FF6F} - System32\Tasks\{C844391B-027A-405B-8B05-EFF50217A2E0} => pcalua.exe -a "C:\Users\Tommy\Downloads\Microsoft Piaip Applocale右鍵啟動版\Piaip Applocale.exe" -d "C:\Users\Tommy\Downloads\Microsoft Piaip Applocale右鍵啟動版"
Task: {4A9AB66A-7028-4ACD-B112-8F837EBAE5B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4FBEC6EF-8B58-4D1B-88D5-76D802C8712C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {5C7687C3-EF6E-44C8-9D00-6D10245AFF2D} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {66D58E8D-205F-44F9-9ACD-7BFECFF41C4A} - System32\Tasks\Intel® Small Business Advantage\Notifier => C:\Program Files\Intel\Intel® Small Business Advantage\UI\SBA_Notifier.exe [2013-04-11] (Intel Corporation)
Task: {692A6081-1A3E-4696-8B73-AB7AF18FB66E} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {6FF133B3-077C-4D1B-A951-7A570E994EA2} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {7938B8EC-FCB5-4D40-8806-B86771525E08} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {79397F41-DC82-4293-B05C-0F7A8A8883FA} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2015-10-29] (Sogou.com Inc.)
Task: {A9821DF3-5FA9-47E0-A4E7-BBC467477306} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)
Task: {ADDD837C-C71A-4961-BD8C-E88A1B61BEF6} - System32\Tasks\0116pizUpdateInfo => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe [2016-01-10] ()
Task: {AFD88477-4A4C-4ED5-9AC5-0B24BBAE0766} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {B2938AFB-C1F3-4950-A1DC-3F790F532E43} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-29] (CyberLink Corp.)
Task: {B81FECEE-35EB-4DA5-9476-FBFABFB23E9B} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {BC753C6D-BBB5-44BF-BAF2-F20E97E2636B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {C9217737-BD79-403E-B0F7-E5CC8B9D3A90} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {C9C24C93-CBC3-472A-BD47-42E9DBDF473A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-15] (Adobe Systems Incorporated)
Task: {D22CC301-2EA0-4D14-870F-759E255528CA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {D42DCED9-4C49-4618-B5FF-389FAD2C768B} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {D9D0D8B3-2126-4BDB-9768-E5249B764CE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EB98E092-6E75-4B18-A181-995005544394} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {EC0F3912-CA02-4BA8-8DD9-69EF94812217} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-04-17] (Lenovo Group Limited)
Task: {ED3742E1-63CB-49BD-B032-9544A44D9D81} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {F86B51E9-EE23-4E29-B447-BEDF8F2372FF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-20] (Microsoft Corporation)
Task: {F8DE31AD-440E-4DA7-8F26-3DB5692DF513} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {FFD44EBC-BF34-48F7-A199-6A2373982813} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0116pizUpdateInfo.job => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-09-15 10:27 - 2014-12-15 13:55 - 00669200 _____ () c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
2014-08-12 11:25 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-12-07 08:52 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2013-04-16 06:45 - 2013-04-16 06:45 - 00182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-04-16 06:45 - 2013-04-16 06:45 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-07-01 11:21 - 2005-04-22 12:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-06-08 03:33 - 2015-04-17 06:07 - 00075264 ____N () C:\Program Files (x86)\ThinkPad\Utilities\TC\PWMRT64V.DLL
2014-06-08 03:35 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-06-08 03:35 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-03-07 12:49 - 2013-03-07 12:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 12:52 - 2013-03-07 12:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-09 15:24 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-08 03:22 - 2013-05-16 16:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-12 09:52 - 2016-02-18 08:42 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-12 09:52 - 2016-02-18 08:42 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2016-02-15 09:23 - 2016-02-09 19:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-15 09:23 - 2016-02-09 19:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2358282901-2216686757-310477945-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Tommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\Windows\pss\LaunchU3.exe.lnk.Startup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Fastboot => "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: ImeGuardCom => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: TpShocks => TpShocks.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{49055BE2-039A-47C8-9725-BF89D94270F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9522AD70-7552-4F13-A11C-A4B0E9E3D76E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2A84D486-FA56-4C6E-86D8-8DD35AC5E217}] => (Allow) C:\Users\Sales\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C90E7AE6-D1D2-49CA-A09A-C8A4A3C3FD0D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{331917C5-A304-496C-97CE-DEB96A0E53D3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{73878132-9E8F-4347-A9EA-9832AD01AD6A}] => (Allow) LPort=54925
FirewallRules: [{4DD67DCC-92B8-4DCE-88C8-107C9BB2772E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{29CB24B8-B527-46AC-B026-09E09664C867}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{99E22CA5-C995-480B-A388-2ACF6573ACE9}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{0C3BA0C6-7D24-4B06-A5F6-B2950D7A40DE}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{EB57369B-6E96-4D72-88A0-EDD7B8D7C111}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGTool.exe
FirewallRules: [{A1F58DAB-37AC-4DAD-8B29-34052E146CDC}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGTool.exe
FirewallRules: [{BDFDFFC4-169C-446F-9A90-6E2BDF0AC4DC}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGTool.exe
FirewallRules: [{EE027C57-7EE8-40D5-997C-7494817ED92E}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGTool.exe
FirewallRules: [{7C25CAF5-5813-414A-8D26-1E52AFD4E993}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\PinyinUp.exe
FirewallRules: [{01D7A44C-C850-44FD-8DD5-F6FCD9FCA994}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\PinyinUp.exe
FirewallRules: [{554D2AA6-CACC-4B3A-BEA2-532D42441112}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\PinyinUp.exe
FirewallRules: [{37951DF0-79A6-4EA0-94AD-B7C62EFBBF8A}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\PinyinUp.exe
FirewallRules: [{EDE00163-7D6C-4BC2-B4AF-874803A0C5A5}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGDownload.exe
FirewallRules: [{B32BDB44-49ED-403B-ACAB-84E642E8EC97}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGDownload.exe
FirewallRules: [{FA4D59EA-056C-4904-9471-C0DCE81EF4EC}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGDownload.exe
FirewallRules: [{B558EF2A-ADC6-4D4D-8BDA-782CD998C4EF}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGDownload.exe
FirewallRules: [{DAFAA99B-3C92-4B41-BD8C-DA0E2F7FDDF2}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SogouCloud.exe
FirewallRules: [{7DFE35C2-E7A6-48BB-A638-269EC5F74459}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SogouCloud.exe
FirewallRules: [{F17B4EBF-CB41-40AE-A375-04DA653E279B}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SogouCloud.exe
FirewallRules: [{B487987C-E0D8-423D-85C8-0E12C333B128}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SogouCloud.exe
FirewallRules: [{A60A5FB3-93C8-4956-97E0-1770FB373B8F}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{BFD35C3A-9BC5-4DA3-9CBF-3EA8FAC8DA6C}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{6A74DF01-37C8-4C49-862E-2671472149B5}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{AD476C7F-24C6-4A93-B0E8-3122BA79CCAC}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{5A871073-E818-423C-A0DD-07D14ADA2EA3}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\userNetSchedule.exe
FirewallRules: [{4FDAC14F-3287-430B-8E62-18D7F552D73D}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\userNetSchedule.exe
FirewallRules: [{CBCA3965-0DC9-4145-BD36-CDF5F7AF5158}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\userNetSchedule.exe
FirewallRules: [{64D14251-AF51-45FA-8E05-B3105D09F748}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\userNetSchedule.exe
FirewallRules: [{39473F89-0205-4543-9943-18B14C3BD4F9}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGMedalLoader.exe
FirewallRules: [{011E47FA-2BAF-4194-85F7-FE22EDB80595}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGMedalLoader.exe
FirewallRules: [{A3D3469A-E533-4C92-8AC0-0885A724FFD8}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGMedalLoader.exe
FirewallRules: [{257B9EF4-C9D6-409F-BDEF-E2EFCA1805A3}] => (Allow) C:\Program Files (x86)\SogouInput\7.8.0.7088\SGMedalLoader.exe
FirewallRules: [{A98FD507-E97B-4D7F-B90D-976390986E3B}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{649103F9-3207-4827-BFEB-5433608FC733}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{B6C920A9-D3A4-4759-B6E4-9B396A28C1EC}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{54F828D0-FDB7-4A0F-8C50-370206BE968C}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{C7D55521-59EF-4327-9778-9B137E5D1263}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1D7AB939-9E81-45FF-95A0-75D954B20BE3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14d\FAXRX.EXE
FirewallRules: [{9D9445B1-D209-47AD-BEE4-16C1E100FA67}] => (Allow) LPort=54925
FirewallRules: [{5335868C-6B3D-4176-9A78-08BC7BB41FA5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{2D5A97C3-040E-4248-A959-DD192D327D27}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{F7D75D7D-C99D-4560-BFA0-27990D0D2BBC}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{1E7CEB5C-DCCD-459C-8D71-F17AA397BB71}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{F1BA4E99-F6B1-4E44-9DE1-7C0CDF82C23F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8923F8B7-06BD-4714-A294-F6DB29B1BEBE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{72FBCE54-2F62-46D2-B330-464109FE8826}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F7563187-38B3-46EA-8EF1-4277134183B0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{81AD3700-BAC1-4974-B0B9-F586201BEC72}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{F138DE9E-EEE5-4F08-98AD-1B4A53D608C5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{07E9E750-4DF6-4F9B-830F-D15C9F214193}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CD21229C-C19D-4505-A236-F40BC3AC1149}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6745A9DF-2DB1-4DD8-8399-240D861CCB1C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
15-02-2016 08:37:03 Windows Update
15-02-2016 12:15:24 Windows Update
15-02-2016 13:47:15 Removed Adobe Reader XI (11.0.14) - Chinese Traditional.
15-02-2016 13:48:35 Removed Adobe Reader XI (11.0.14) - Chinese Traditional.
16-02-2016 15:11:19 Windows Update
17-02-2016 12:05:01 Installed AVG 2016
17-02-2016 12:05:37 Installed AVG
19-02-2016 10:30:44 Removed AVG
19-02-2016 10:36:07 Removed AVG 2016
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2016 10:39:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/19/2016 10:36:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services 處理系統寫入器物件中的 OnIdentity() 呼叫失敗。
 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
系統找不到指定的檔案。
 
Error: (02/19/2016 10:36:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services 處理系統寫入器物件中的 OnIdentity() 呼叫失敗。
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
系統找不到指定的檔案。
 
Error: (02/19/2016 08:44:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/19/2016 08:42:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: CAMService.exe,版本: 1.0.0.1,時間戳記: 0x53a20132
失敗的模組名稱: ntdll.dll,版本: 6.1.7601.23338,時間戳記: 0x56a1cb4e
例外狀況碼: 0xc0000005
錯誤位移: 0x0000000000048d84
失敗的處理程序識別碼: 0xa6c
失敗的應用程式開始時間: 0xCAMService.exe0
失敗的應用程式路徑: CAMService.exe1
失敗的模組路徑: CAMService.exe2
報告識別碼: CAMService.exe3
 
Error: (02/19/2016 08:34:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/18/2016 11:21:28 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (02/18/2016 10:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/18/2016 10:01:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: CAMService.exe,版本: 1.0.0.1,時間戳記: 0x53a20132
失敗的模組名稱: ntdll.dll,版本: 6.1.7601.23338,時間戳記: 0x56a1cb4e
例外狀況碼: 0xc0000005
錯誤位移: 0x0000000000048d84
失敗的處理程序識別碼: 0x9d4
失敗的應用程式開始時間: 0xCAMService.exe0
失敗的應用程式路徑: CAMService.exe1
失敗的模組路徑: CAMService.exe2
報告識別碼: CAMService.exe3
 
Error: (02/18/2016 08:57:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/19/2016 10:39:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入: 
F06DEFF2-5B9C-490D-910F-35D3A91196222
 
Error: (02/19/2016 08:44:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: CAM Service 服務意外地終止。已經發生 1 次。
 
Error: (02/19/2016 08:44:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入: 
F06DEFF2-5B9C-490D-910F-35D3A91196222
 
Error: (02/19/2016 08:43:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 等候 CAMService 服務的交易回應時發生逾時 (30000 毫秒)。
 
Error: (02/18/2016 10:03:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: CAM Service 服務意外地終止。已經發生 1 次。
 
Error: (02/18/2016 10:03:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入: 
F06DEFF2-5B9C-490D-910F-35D3A91196222
 
Error: (02/18/2016 10:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0 服務無法啟動,因為下列錯誤: 
%%1053
 
Error: (02/18/2016 10:02:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 等候 Windows Presentation Foundation Font Cache 3.0.0.0 服務連線時發生逾時 (30000 毫秒)。
 
Error: (02/18/2016 08:56:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (02/18/2016 08:56:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動: 
%%1068
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3810.48 MB
Available physical RAM: 1681.61 MB
Total Virtual: 7619.15 MB
Available Virtual: 5036.87 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:464.29 GB) (Free:368.98 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 90B55C65)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by one8421, 18 February 2016 - 09:25 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=80378:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated please post that 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
    Run FRST again, make sure the Addition.txt box is checked and then hit SCAN.  Post both logs.
     
    Are you still getting the hijacks?
     
     

     


    • 0

    #3
    one8421

    one8421

      New Member

    • Topic Starter
    • Member
    • Pip
    • 2 posts
    Thanks for the help. Problem solved.
     
    After running FRST and chose fix and rebooted the computer as instructed, the symptom has gone and everything back to normal. Seems that other tools are not required. Below is the log from the fixlog.txt
     
     
    Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by Tommy (2016-02-19 12:58:52) Run:1
    Running from C:\Users\Tommy\Desktop
    Loaded Profiles: Tommy (Available Profiles: Sales & Mice & Tommy)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    (HKU\S-1-5-21-2358282901-2216686757-310477945-1002\...\MountPoints2: {5a50a3c8-ee77-11e3-8d62-806e6f6e6963} - Q:\LenovoQDrive.exe
    IFEO\taskmgr.exe: [Debugger] ""
    HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll [669200 2014-12-15] ()
    HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:51933;https=127.0.0.1:51933
    AutoConfigURL: [S-1-5-21-2358282901-2216686757-310477945-1002] => hxxp://unblockservice.com/wpad.dat?6fd99ebf331b46d89650e010543836265513547
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=208&itype=a&ver=15005&tm=471&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=208&itype=a&ver=15005&tm=471&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {453C2588-C72C-4F17-B319-A519AE9CD83C} URL = 
    SearchScopes: HKU\S-1-5-21-2358282901-2216686757-310477945-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    S4 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
    S4 SmdmFService2; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [X]
    S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [X]
    S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
    S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
    S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
    2016-02-02 16:46 - 2016-02-02 16:46 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\SimpleFiles
    2016-02-02 16:45 - 2016-02-17 13:35 - 00000000 ____D C:\Program Files (x86)\SimpleFiles
    Task: {5C7687C3-EF6E-44C8-9D00-6D10245AFF2D} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
    Task: C:\Windows\Tasks\0116pizUpdateInfo.job => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe
    2014-09-15 10:27 - 2014-12-15 13:55 - 00669200 _____ () c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
    c:\program files (x86)\settings manager
    FirewallRules: [{5335868C-6B3D-4176-9A78-08BC7BB41FA5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
    FirewallRules: [{2D5A97C3-040E-4248-A959-DD192D327D27}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
    FirewallRules: [{F7D75D7D-C99D-4560-BFA0-27990D0D2BBC}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
    FirewallRules: [{1E7CEB5C-DCCD-459C-8D71-F17AA397BB71}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
    FirewallRules: [{8923F8B7-06BD-4714-A294-F6DB29B1BEBE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{72FBCE54-2F62-46D2-B330-464109FE8826}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{F7563187-38B3-46EA-8EF1-4277134183B0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{81AD3700-BAC1-4974-B0B9-F586201BEC72}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{F138DE9E-EEE5-4F08-98AD-1B4A53D608C5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{07E9E750-4DF6-4F9B-830F-D15C9F214193}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{CD21229C-C19D-4505-A236-F40BC3AC1149}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{6745A9DF-2DB1-4DD8-8399-240D861CCB1C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe 
    EmptyTemp:
     
     
     
     
     
     
     
     
    *****************
     
    HKU\(S-1-5-21-2358282901-2216686757-310477945-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a50a3c8-ee77-11e3-8d62-806e6f6e6963} => key not found. 
    HKCR\CLSID\{5a50a3c8-ee77-11e3-8d62-806e6f6e6963} => key not found. 
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => key removed successfully
    HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value removed successfully
    HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
    "HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
    "HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
    "HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
    "HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-21-2358282901-2216686757-310477945-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
    "HKU\S-1-5-21-2358282901-2216686757-310477945-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    "HKU\S-1-5-21-2358282901-2216686757-310477945-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{453C2588-C72C-4F17-B319-A519AE9CD83C}" => key removed successfully
    HKCR\CLSID\{453C2588-C72C-4F17-B319-A519AE9CD83C} => key not found. 
    "HKU\S-1-5-21-2358282901-2216686757-310477945-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
    C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
    avgsvc => service removed successfully
    SmdmFService2 => service removed successfully
    F06DEFF2-5B9C-490D-910F-35D3A91196222 => service removed successfully
    intaud_WaveExtensible => service removed successfully
    iwdbus => service removed successfully
    usb3Hub => service removed successfully
    C:\Users\Tommy\AppData\Roaming\SimpleFiles => moved successfully
    C:\Program Files (x86)\SimpleFiles => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C7687C3-EF6E-44C8-9D00-6D10245AFF2D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C7687C3-EF6E-44C8-9D00-6D10245AFF2D}" => key removed successfully
    C:\Windows\System32\Tasks\ASP => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => key removed successfully
    C:\Windows\Tasks\0116pizUpdateInfo.job => moved successfully
    c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll => moved successfully
    c:\program files (x86)\settings manager => moved successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5335868C-6B3D-4176-9A78-08BC7BB41FA5} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D5A97C3-040E-4248-A959-DD192D327D27} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7D75D7D-C99D-4560-BFA0-27990D0D2BBC} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E7CEB5C-DCCD-459C-8D71-F17AA397BB71} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8923F8B7-06BD-4714-A294-F6DB29B1BEBE} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72FBCE54-2F62-46D2-B330-464109FE8826} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7563187-38B3-46EA-8EF1-4277134183B0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81AD3700-BAC1-4974-B0B9-F586201BEC72} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F138DE9E-EEE5-4F08-98AD-1B4A53D608C5} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07E9E750-4DF6-4F9B-830F-D15C9F214193} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD21229C-C19D-4505-A236-F40BC3AC1149} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6745A9DF-2DB1-4DD8-8399-240D861CCB1C} => value removed successfully
    EmptyTemp: => 505.9 MB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 12:59:04 ====

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP