Laptop infected by QQPCMgr virus

QQPCMgr hao123


#1
lorangecc

    New Member

  • Member
  • 1 posts

Laptop infected by QQPCMgr virus

Hello guys, I'm a Chinese student seeking your help with QQPCMgr virus problems.

Recently, my IE explorer has been hijacked by Hao123: the first page has been redirected to https://www.hao123.com/?tn=93451208_hao_pg, a Chinese guiding website. Once I'm connected to the Internet, my laptop will auto download QQPCMgr (Chinese name "腾讯电脑管家"), a software created by Tencent company. Then the software will install silently without any hint, and it becomes a start-up item every time I log on to my laptop.

The uninstall process is extremely hard. Every time I ran the uninstall process, it was removed only for the time being. However, the IE main page remained hijacked, and the next time I open the computer, it continuously downloads and installs QQPCMgr.

I tried the following ways, all came to nothing:

(1) remove the registry items regarding "tencent", "QQPC" and "hao123", including deleting the IE start page item changed by hao123

(2) use "EVERYTHING" to search relevant files and delete them (both NORMAL and SAFE MODE tried)

(3) scan the files with AdwCleaner and have the Tencent files quarantined, see attached picture

(4) put the "Tencent" certificate into untrusted items

(5) format the system C-drive (recover my system to factory reset through the HP Recovery Manager) and data D-drive, except the recovery drive E

Yesterday I installed 360safeguard (AKA "360安全卫士"), another antivirus in China. 360 can forcibly change the IE explorer to a blank page, and it seemed the auto download and installation was stopped. But as soon as I uninstalled 360safeguard earlier today, the infection symptoms came back as before. Unwillingly I have to reinstall the 360 back for now T^T

 

Sorry for my lengthy statement, hope you all the best.

I searched the forum; the similar problems were listed as follows:

a.  http://www.geekstogo.com/forum/topic/361329-my-laptop-is-infected-by-hohosearch-and-tencentqqpcmgr-virus/page-2

b.  http://www.geekstogo.com/forum/topic/361138-unwanted-malware-programmas-tencent/

The log files:

1. FRST scanned with 360

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016

Ran by xiao (administrator) on FOOLISH (04-10-2016 17:45:00)

Running from C:\Users\xiao\Desktop

Loaded Profiles: xiao (Available Profiles: xiao)

Platform: Windows 8.1 China (Update) (X64) Language: 中文(简体,中国)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() D:\3.下载\Free Download Manager\winwfpmonitor.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe

() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

(Sogou.com Inc.) C:\Windows\SysWOW64\IME\SogouPY\SogouImeBroker.exe

() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Sogou.com Inc.) C:\Windows\SysWOW64\IME\SogouPY\SogouImeLoader.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

() D:\1.杀毒\Everything.exe

() C:\Users\xiao\AppData\Local\Temp\Everything\Everything.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe

(Sogou.com Inc.) D:\2.文档\SogouInput\6.8.0.0856\SogouCloud.exe

 

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-10] (NVIDIA Corporation)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [445312 2016-08-19] (SHADOWDEFENDER.COM)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe [395688 2016-10-04] (360.cn)

ShellIconOverlayIdentifiers: [       360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2016-10-04] (360.cn)

GroupPolicy: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 10.64.0.10 10.64.101.101

Tcpip\..\Interfaces\{D81BC7C5-435A-4EA2-90C9-162CE92FD9E8}: [DhcpNameServer] 10.64.0.10 10.64.101.101

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com

HKU\S-1-5-21-733134077-707159484-3497039572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2016-10-03] (IObit)

BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File

BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll [2016-10-04] (360.cn)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)

BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)

BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll [2016-10-04] (360.cn)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

 

FireFox:

========

FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2016-10-04] (360.cn)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-07-12] (Alps Electric Co., Ltd.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]

S3 CooCareServiceStarsoftcommeservices; C:\Program Files (x86)\StarSoftComm\CooCare4\eServices\BIN\CooCareService.exe [119144 2014-12-11] ()

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-01] (Hewlett-Packard Company) [File not signed]

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-26] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)

S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2016-10-03] (IObit)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-10] (NVIDIA Corporation)

S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)

S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-12-11] (Microsoft Corporation)

S2 WinAppMgmt; C:\ProgramData\WinAppMgmt\WinAppMgmt.exe [692128 2014-09-18] ()

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-12-11] (Microsoft Corporation)

R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [237168 2016-10-04] (360.cn)

S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [129744 2016-08-19] (SHADOWDEFENDER.COM)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-10-04] (360.cn)

R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [321616 2016-10-04] (360.cn)

S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-10-04] (360.cn)

R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [405224 2016-10-04] (360.cn)

S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [255208 2016-10-04] (360安全中心)

R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [90112 2016-10-04] (360.cn)

R1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [249064 2016-09-19] (360.cn)

R1 360reskit64; C:\Windows\system32\drivers\360reskit64.sys [68176 2016-10-04] (360.cn)

R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-10-04] (360.cn)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)

R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [452336 2016-08-19] (SHADOWDEFENDER.COM)

U0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [165456 2016-10-04] (360.cn)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S0 Ggmon; C:\Windows\System32\DRIVERS\Ggmon.sys [514560 2016-09-09] (360.cn)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-10] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)

R1 ppfsflt; C:\Windows\System32\DRIVERS\ppfsflt.sys [30952 2014-12-11] (StarSoftComm)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-20] (Realtek Semiconductor Corp.)

R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation                           )

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-12-11] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-12-11] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-12-11] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-10-04 17:45 - 2016-10-04 17:45 - 00015503 _____ C:\Users\xiao\Desktop\FRST.txt

2016-10-04 17:44 - 2016-10-04 16:36 - 02404864 _____ (Farbar) C:\Users\xiao\Desktop\FRST64.exe

2016-10-04 16:35 - 2016-10-04 16:36 - 02404864 _____ (Farbar) C:\Users\xiao\Downloads\FRST64.exe

2016-10-04 15:57 - 2016-10-04 17:45 - 00000000 ____D C:\FRST

2016-10-04 15:51 - 2016-10-04 15:51 - 00007507 _____ C:\Users\xiao\Downloads\Fixlist.txt

2016-10-04 15:12 - 2016-10-04 15:12 - 06702331 _____ C:\Users\xiao\Downloads\PCHunter.zip

2016-10-04 15:07 - 2016-10-04 15:07 - 01164418 _____ C:\Users\xiao\Downloads\反锁IE主页.rar

2016-10-04 14:52 - 2016-09-19 18:57 - 00249064 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys

2016-10-04 14:51 - 2016-10-04 14:46 - 00165456 _____ (360.cn) C:\Windows\system32\Drivers\DsArk64.sys

2016-10-04 14:49 - 2016-10-04 14:49 - 00000000 ____D C:\Windows\System32\Tasks\360SuperKiller

2016-10-04 14:47 - 2016-10-04 14:58 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\360WD

2016-10-04 14:47 - 2016-10-04 14:49 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS

2016-10-04 14:47 - 2016-10-04 14:47 - 00321616 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys

2016-10-04 14:47 - 2016-10-04 14:47 - 00255208 _____ (360安全中心) C:\Windows\system32\Drivers\360Hvm64.sys

2016-10-04 14:47 - 2016-10-04 14:47 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys

2016-10-04 14:47 - 2016-10-04 14:47 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys

2016-10-04 14:47 - 2016-10-04 14:47 - 00001104 _____ C:\Users\xiao\Desktop\360安全卫士.lnk

2016-10-04 14:47 - 2016-10-04 14:47 - 00000001 _____ C:\Windows\system32\Drivers\360Hvm64.dat

2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 _RSHD C:\360SANDBOX

2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360mobilemgr

2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心

2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\ProgramData\360safe

2016-10-04 14:47 - 2016-10-04 14:46 - 00405224 _____ (360.cn) C:\Windows\system32\Drivers\360FsFlt.sys

2016-10-04 14:47 - 2016-10-04 14:46 - 00180336 _____ (360.cn) C:\Windows\SysWOW64\360SoftMgr.cpl

2016-10-04 14:47 - 2016-10-04 14:46 - 00068176 _____ (360.cn) C:\Windows\system32\Drivers\360reskit64.sys

2016-10-04 14:47 - 2016-10-04 14:46 - 00060416 _____ (360.cn) C:\Windows\system32\Drivers\360LanProtect.sys

2016-10-04 14:46 - 2016-10-04 15:58 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360Safe

2016-10-04 14:41 - 2016-10-03 14:57 - 65649056 _____ C:\Users\xiao\Desktop\360安全卫士.exe

2016-10-04 14:37 - 2016-10-04 14:37 - 00000000 ____D C:\Program Files\Common Files\Tencent

2016-10-04 14:36 - 2016-10-04 14:36 - 00000000 ____D C:\Program Files (x86)\Tencent

2016-10-04 14:35 - 2016-10-04 14:41 - 00000000 ____D C:\ProgramData\Tencent

2016-10-04 14:19 - 2016-10-04 14:19 - 02850466 _____ C:\Users\xiao\Downloads\KMSpico v10.2.0 Portable.7z

2016-10-04 14:19 - 2016-10-04 14:19 - 00004608 _____ C:\Windows\SECOH-QAD.exe

2016-10-04 14:19 - 2016-10-04 14:19 - 00003584 _____ C:\Windows\SECOH-QAD.dll

2016-10-04 14:19 - 2016-10-04 14:19 - 00000000 ____D C:\Users\xiao\Downloads\KMSpico Portable

2016-10-04 13:49 - 2016-10-04 14:47 - 00090112 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.sys

2016-10-04 13:49 - 2016-10-04 13:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-10-04 13:49 - 2011-04-02 13:48 - 00056920 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.old

2016-10-04 13:48 - 2016-10-04 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-10-04 13:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-10-04 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-10-04 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-10-04 13:10 - 2016-10-04 13:10 - 00000000 ____D C:\{0D9DB60E-B0EA-4d53-A392-A5D274956846}

2016-10-04 12:12 - 2016-10-04 12:12 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Shadow Defender

2016-10-04 12:10 - 2016-10-04 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-10-04 12:05 - 2016-10-04 12:05 - 00000000 ____D C:\Users\xiao\AppData\Roaming\CleanAndroid

2016-10-04 12:05 - 2016-10-04 12:05 - 00000000 ____D C:\ProgramData\CleanAndroid

2016-10-04 11:51 - 2016-10-04 12:04 - 00005020 _____ C:\Windows\diskpt.dat

2016-10-04 11:51 - 2016-10-04 11:51 - 00000000 _____ C:\Windows\diskptex.dat

2016-10-04 11:50 - 2016-10-04 11:50 - 00001033 _____ C:\Users\Public\Desktop\Shadow Defender.lnk

2016-10-04 11:50 - 2016-10-04 11:50 - 00000064 _____ C:\Windows\diskpt.crt

2016-10-04 11:50 - 2016-10-04 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender

2016-10-04 11:50 - 2016-10-04 11:50 - 00000000 ____D C:\Program Files\Shadow Defender

2016-10-04 11:50 - 2016-08-19 21:11 - 00452336 _____ (SHADOWDEFENDER.COM) C:\Windows\system32\Drivers\diskpt.sys

2016-10-04 11:16 - 2016-10-04 11:17 - 00000000 ____D C:\Users\xiao\Downloads\Shadow Defender

2016-10-04 00:09 - 2016-10-04 00:09 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\Thunder Network

2016-10-03 23:52 - 2016-10-03 23:52 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Locktime

2016-10-03 23:33 - 2016-10-03 23:33 - 00000000 ____D C:\Users\xiao\AppData\Roaming\LockHunter

2016-10-03 23:31 - 2016-10-04 11:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Locktime Software

2016-10-03 23:31 - 2016-10-04 11:21 - 00000000 ____D C:\ProgramData\Locktime

2016-10-03 23:31 - 2016-10-04 00:01 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2016-10-03 22:44 - 2016-10-03 22:45 - 02313709 _____ C:\Users\xiao\Downloads\360流量监控.rar

2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\Users\xiao\AppData\Roaming\BaiduYunKernel

2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\Users\xiao\AppData\Roaming\BaiduYunGuanjia

2016-10-03 22:11 - 2016-10-03 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法

2016-10-03 22:03 - 2016-10-04 17:44 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\SogouPY

2016-10-03 22:03 - 2016-10-03 22:03 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\SogouPY.users

2016-10-03 21:58 - 2016-10-03 21:58 - 00000206 __RSH C:\ProgramData\ntuser.pol

2016-10-03 21:47 - 2016-10-03 21:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Macromedia

2016-10-03 21:40 - 2016-10-03 21:42 - 00000000 ____D C:\Users\xiao\Documents\WORLD

2016-10-03 19:12 - 2016-10-03 19:14 - 44877744 _____ C:\Users\xiao\Downloads\360国际版.exe

2016-10-03 18:45 - 2016-10-03 18:45 - 00000889 _____ C:\Users\xiao\Desktop\RegWorkshopX64.lnk

2016-10-03 18:38 - 2016-10-04 17:38 - 00000000 ____D C:\Users\xiao\AppData\Local\shadowsocks-gui

2016-10-03 18:38 - 2016-10-03 18:38 - 01132938 _____ C:\Users\xiao\Downloads\RegistryWorkshop_chs.exe

2016-10-03 18:30 - 2016-10-03 10:38 - 02626201 _____ C:\Users\xiao\Downloads\geek.zip

2016-10-03 18:27 - 2016-10-03 18:27 - 00000768 _____ C:\Users\xiao\Desktop\PowerPnt2016.lnk

2016-10-03 18:27 - 2016-10-03 18:27 - 00000763 _____ C:\Users\xiao\Desktop\Word 2016.lnk

2016-10-03 18:27 - 2016-10-03 18:27 - 00000755 _____ C:\Users\xiao\Desktop\Excel 2016.lnk

2016-10-03 18:27 - 2015-10-30 08:25 - 00026312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20CHS.DLL

2016-10-03 18:27 - 2015-10-30 08:21 - 01281192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

2016-10-03 18:27 - 2015-10-29 16:34 - 00052840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEN2232.OLB

2016-10-03 18:27 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll

2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll

2016-10-03 18:27 - 2015-06-26 13:34 - 00439608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll

2016-10-03 18:27 - 2015-06-26 13:34 - 00085328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll

2016-10-03 18:19 - 2016-10-03 18:19 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Foxit Software

2016-10-03 18:14 - 2016-10-03 10:23 - 22851472 _____ (Malwarebytes ) C:\Users\xiao\Downloads\mbam-setup-2.2.1.1043.exe

2016-10-03 18:06 - 2016-10-04 00:24 - 00000000 ____D C:\Users\Public\Thunder Network

2016-10-03 18:06 - 2016-10-04 00:09 - 00000000 ____D C:\ProgramData\Thunder Network

2016-10-03 18:06 - 2016-10-03 18:06 - 00000756 _____ C:\Users\xiao\Desktop\迅雷.lnk

2016-10-03 18:04 - 2016-10-03 18:04 - 00000893 _____ C:\Users\xiao\Desktop\ADWclean.lnk

2016-10-03 17:56 - 2016-10-03 17:56 - 00000845 _____ C:\Users\xiao\Desktop\Everything.lnk

2016-10-03 17:51 - 2016-10-03 17:51 - 00000905 _____ C:\Users\xiao\Desktop\FastStone.lnk

2016-10-03 17:50 - 2016-10-03 17:50 - 00000669 _____ C:\Users\xiao\Desktop\舒克.lnk

2016-10-03 17:50 - 2016-10-03 17:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\ShokDown

2016-10-03 17:46 - 2016-10-04 11:49 - 00000000 ____D C:\Users\xiao\Downloads\hoarding

2016-10-03 17:44 - 2016-10-03 17:44 - 00001013 _____ C:\Users\xiao\Desktop\干净云.lnk

2016-10-03 17:43 - 2016-10-03 17:43 - 00000919 _____ C:\Users\xiao\Desktop\快速合并.lnk

2016-10-03 17:42 - 2016-10-03 17:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\flvcd

2016-10-03 17:40 - 2016-10-03 17:40 - 00000000 ____D C:\Users\xiao\AppData\Local\CEF

2016-10-03 17:39 - 2016-10-03 18:20 - 00000000 ____D C:\Users\xiao\AppData\Local\Free Download Manager

2016-10-03 17:39 - 2016-10-03 17:39 - 00002680 _____ C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor

2016-10-03 17:39 - 2016-10-03 17:39 - 00000711 _____ C:\Users\Public\Desktop\FDM5.lnk

2016-10-03 17:39 - 2016-10-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager

2016-10-03 17:37 - 2016-10-03 17:37 - 00000912 _____ C:\Users\xiao\Desktop\Win8管家.lnk

2016-10-03 17:34 - 2016-10-03 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter

2016-10-03 17:32 - 2016-10-03 17:32 - 00000000 ____D C:\Users\xiao\Downloads\SS

2016-10-03 17:26 - 2016-10-03 17:26 - 00000331 _____ C:\Users\xiao\Desktop\控制面板.lnk

2016-10-03 15:59 - 2016-10-03 15:59 - 00000392 _____ C:\Users\xiao\Desktop\这台电脑.lnk

2016-10-03 15:55 - 2016-10-04 14:52 - 00000000 __SHD C:\Users\xiao\AppData\Roaming\360Quarant

2016-10-03 15:55 - 2016-10-04 14:52 - 00000000 __SHD C:\$360Section

2016-10-03 15:34 - 2016-10-03 15:34 - 00198568 _____ C:\Windows\SysWOW64\360FixOpHelper.exe

2016-10-03 15:07 - 2016-10-04 14:49 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360SuperKiller

2016-10-03 15:07 - 2016-09-09 16:35 - 00514560 _____ (360.cn) C:\Windows\system32\Drivers\Ggmon.sys

2016-10-03 15:07 - 2016-09-09 16:35 - 00514560 _____ (360.cn) C:\Windows\checkbin.bin

2016-10-03 15:06 - 2016-10-03 15:06 - 00000000 ____D C:\ProgramData\OEM Links

2016-10-03 14:58 - 2016-10-03 14:59 - 00000000 ____D C:\Users\xiao\.android

2016-10-03 14:58 - 2016-10-03 14:58 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360Login

2016-10-03 14:52 - 2016-10-03 14:52 - 00000998 _____ C:\Users\Public\Desktop\Clover.lnk

2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\Users\xiao\AppData\Local\Clover

2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover

2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\Program Files (x86)\Clover

2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\WinRAR

2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-10-03 14:49 - 2016-10-03 14:49 - 00000872 _____ C:\Users\xiao\Desktop\MyChrome - 快捷方式.lnk

2016-10-03 14:47 - 2016-10-03 14:47 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2016-10-03 14:47 - 2016-10-03 14:47 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-10-03 14:47 - 2016-10-03 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-10-03 14:47 - 2016-10-03 14:47 - 00000000 ____D C:\Program Files\CCleaner

2016-10-03 14:44 - 2016-10-04 14:46 - 00000000 ____D C:\Program Files (x86)\360

2016-10-03 14:44 - 2016-09-28 14:52 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys

2016-10-03 14:42 - 2016-10-03 22:13 - 00000292 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job

2016-10-03 14:42 - 2016-10-03 21:56 - 00002392 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator

2016-10-03 14:42 - 2016-10-03 14:44 - 00000000 ____D C:\ProgramData\IObit

2016-10-03 14:42 - 2016-10-03 14:42 - 00001275 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2016-10-03 14:42 - 2016-10-03 14:42 - 00001251 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk

2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\IObit

2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\ProgramData\ProductData

2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller

2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\Program Files (x86)\IObit

2016-10-03 14:22 - 2016-10-03 14:22 - 00000000 __SHD C:\Users\xiao\AppData\LocalLow\EmieUserList

2016-10-03 13:47 - 2016-10-03 13:47 - 00004020 _____ C:\Windows\System32\Tasks\HPGenoobeReminder

2016-10-03 13:20 - 2016-10-03 13:20 - 00000000 ____D C:\Users\Public\CyberLink

2016-10-03 13:15 - 2016-10-03 13:15 - 00000000 ____D C:\Users\xiao\AppData\Roaming\hpqlog

2016-10-03 13:15 - 2016-10-03 13:15 - 00000000 ____D C:\Users\xiao\AppData\Local\Hewlett-Packard

2016-10-03 13:07 - 2016-10-04 14:44 - 00000000 ____D C:\AdwCleaner

2016-10-03 13:07 - 2016-10-03 13:07 - 00000000 ____D C:\Users\xiao\AppData\Roaming\baiduyun

2016-10-03 13:04 - 2016-10-03 18:14 - 00000000 ____D C:\Users\xiao\Desktop\杀毒

2016-10-03 13:02 - 2016-10-03 13:02 - 00000000 __SHD C:\Users\xiao\AppData\Local\EmieUserList

2016-10-03 13:02 - 2016-10-03 13:02 - 00000000 __SHD C:\Users\xiao\AppData\Local\EmieSiteList

2016-10-03 13:01 - 2016-10-03 14:22 - 00000000 __SHD C:\Users\xiao\AppData\LocalLow\EmieSiteList

2016-10-03 13:00 - 2016-10-04 14:50 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733134077-707159484-3497039572-1001

2016-10-03 12:58 - 2016-10-03 16:07 - 00000000 ____D C:\Users\xiao\Documents\Youcam

2016-10-03 12:58 - 2016-10-03 13:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Hewlett-Packard

2016-10-03 12:58 - 2016-10-03 12:58 - 00000000 ____D C:\Users\xiao\AppData\Local\CyberLink

2016-10-03 12:54 - 2016-10-04 13:51 - 00000000 ____D C:\Users\xiao

2016-10-03 12:54 - 2016-10-04 00:46 - 00000000 ____D C:\Users\xiao\AppData\Local\Packages

2016-10-03 12:54 - 2016-10-03 13:04 - 00000000 __SHD C:\Users\xiao\IntelGraphicsProfiles

2016-10-03 12:54 - 2016-10-03 12:56 - 00000000 ____D C:\Users\xiao\AppData\Local\VirtualStore

2016-10-03 12:54 - 2016-10-03 12:55 - 00000000 ____D C:\Users\xiao\AppData\Local\NVIDIA Corporation

2016-10-03 12:54 - 2016-10-03 12:54 - 00001373 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-10-03 12:54 - 2016-10-03 12:54 - 00000182 _____ C:\Windows\insFileSpec

2016-10-03 12:54 - 2016-10-03 12:54 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-10-03 12:54 - 2016-10-03 12:54 - 00000020 ___SH C:\Users\xiao\ntuser.ini

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\My Documents

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Videos

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Pictures

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Music

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\程序

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\「开始」菜单

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Adobe

2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 ____D C:\Users\xiao\AppData\Local\NVIDIA

2016-10-03 12:54 - 2014-12-11 00:19 - 00000000 ___HD C:\Users\xiao\Documents\hp.system.package.metadata

2016-10-03 12:54 - 2014-12-11 00:19 - 00000000 ___HD C:\Users\xiao\Documents\hp.applications.package.appdata

2016-10-03 12:54 - 2014-03-18 17:52 - 00000369 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2016-10-03 12:54 - 2014-03-18 17:52 - 00000369 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2016-10-03 12:50 - 2016-10-03 12:50 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\程序

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default\「开始」菜单

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\程序

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\桌面

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\程序

2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\「开始」菜单

2016-10-03 12:44 - 2016-10-03 12:44 - 00002384 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733134077-707159484-3497039572-500

2016-10-03 12:40 - 2015-05-18 21:20 - 00003361 _____ C:\OA3.Trace.xml

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-10-04 15:14 - 2016-04-10 23:34 - 00000000 ____D C:\Users\xiao\Downloads\PCHunter_free

2016-10-04 14:51 - 2014-03-18 17:50 - 01605104 _____ C:\Windows\system32\PerfStringBackup.INI

2016-10-04 14:51 - 2014-03-18 17:21 - 00479676 _____ C:\Windows\system32\prfh0804.dat

2016-10-04 14:51 - 2014-03-18 17:21 - 00162152 _____ C:\Windows\system32\prfc0804.dat

2016-10-04 14:51 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf

2016-10-04 14:45 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-10-04 00:46 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness

2016-10-03 23:17 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2016-10-03 22:30 - 2014-12-11 00:31 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2016-10-03 22:03 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\IME

2016-10-03 22:03 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\IME

2016-10-03 22:02 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp

2016-10-03 21:56 - 2015-05-18 19:21 - 00003814 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

2016-10-03 21:56 - 2015-05-18 19:21 - 00003572 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon

2016-10-03 21:53 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2016-10-03 19:22 - 2013-08-22 22:44 - 00362600 _____ C:\Windows\system32\FNTCACHE.DAT

2016-10-03 18:19 - 2014-12-11 00:30 - 00000000 ____D C:\Users\Public\Foxit Software

2016-10-03 16:11 - 2015-05-18 19:38 - 00003156 _____ C:\Windows\System32\Tasks\YCMServiceAgent

2016-10-03 15:34 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2016-10-03 15:06 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Resources

2016-10-03 15:02 - 2015-05-18 19:41 - 00000000 ____D C:\Program Files\Common Files\McAfee

2016-10-03 15:01 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP

2016-10-03 15:00 - 2015-05-18 19:41 - 00000000 ____D C:\Program Files\mcafee

2016-10-03 14:48 - 2014-04-03 09:26 - 00000000 ____D C:\Windows\Panther

2016-10-03 14:31 - 2014-12-11 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

2016-10-03 14:23 - 2015-05-18 19:26 - 00000000 ____D C:\Program Files\Apoint2K

2016-10-03 13:11 - 2014-12-11 00:29 - 00000000 ____D C:\Users\Public\baidu

2016-10-03 13:02 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

2016-10-03 12:59 - 2015-05-18 19:20 - 00000000 ____D C:\ProgramData\Intel

2016-10-03 12:57 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-10-03 12:54 - 2015-05-18 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos

2016-10-03 12:54 - 2014-04-05 07:46 - 00000000 ___HD C:\SYSTEM.SAV

2016-10-03 12:53 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

2016-10-03 12:49 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache

2016-10-03 12:48 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows NT

2016-10-03 12:40 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template

 

Some files in TEMP:

====================

C:\Users\xiao\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe

C:\Users\xiao\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_SystemCompact.exe

C:\Users\xiao\AppData\Local\Temp\libeay32.dll

C:\Users\xiao\AppData\Local\Temp\msvcr120.dll

C:\Users\xiao\AppData\Local\Temp\sogou_pinyin_8.0.0.8381_unre.exe

C:\Users\xiao\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-04-02 17:28

 

==================== End of FRST.txt ============================

 

 

2. Additional (scanned with 360)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016

Ran by xiao (04-10-2016 17:45:28)

Running from C:\Users\xiao\Desktop

Windows 8.1 China (Update) (X64) (2016-10-03 04:53:58)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-733134077-707159484-3497039572-500 - Administrator - Disabled)

Guest (S-1-5-21-733134077-707159484-3497039572-501 - Limited - Disabled)

xiao (S-1-5-21-733134077-707159484-3497039572-1001 - Administrator - Enabled) => C:\Users\xiao

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: 360安全卫士 (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 10.3.0.2001 - 360安全中心)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)

Cyberlink PhotoDirector (Version: 5.0.3.5715 - 公司名称) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)

CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)

Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)

e管家 (HKLM-x32\...\CooCare4_eServices) (Version: 4.199 - StarSoftComm)

Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - 福昕企业)

Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.17.4597 - FreeDownloadManager.ORG)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{0166934F-40D5-4B60-944A-09857610804E}) (Version: 1.5.0.0 - Hewlett-Packard)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{F12B17AB-FCDA-4380-9D35-E3F871BF1093}) (Version: 1.2.6 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden

Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)

LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)

Malwarebytes Anti-Malware  2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Surface 2.0 Runtime (HKLM-x32\...\{69C2B39D-F060-49AD-8877-01C4144A8424}) (Version: 2.0.21114.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA PhysX 系统软件 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

NVIDIA 图形驱动程序 344.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.24 - NVIDIA Corporation)

PC语点 (HKLM-x32\...\VoiceAssistant) (Version: 1.0.0.1146 - "iFLYTEK Co., Ltd.")

REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)

Registry Workshop (HKLM\...\Registry Workshop) (Version:  - )

Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.650 - ShadowDefender.com)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

舒克高清视频下载器 (HKLM-x32\...\ShokDown) (Version:  - )

搜狗拼音传统版 6.8b (HKLM-x32\...\Sogou Input) (Version: 6.8.0.0856 - 大水牛)

英特尔® 芯片组设备软件 (x32 Version: 10.0.21 - Intel® Corporation) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {03418F0D-903E-40A2-BD30-CB94CB3F9064} - \360SuperKiller\360SuperKiller -> No File <==== ATTENTION

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {0E0FAABB-22C4-4223-87D6-C440DE051017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {3BA0ADA1-3D0E-4B9E-AF44-B7CC24B8BCDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)

Task: {4DEBDD42-AAB6-4123-A9FC-277153EEAA63} - System32\Tasks\FreeDownloadManagerNetworkMonitor => D:\3.下载\Free Download Manager\winwfpmonitor.exe [2016-08-23] ()

Task: {52E22504-DF48-4DB1-9166-3DB34B6D0478} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-13] (IObit)

Task: {6A802E4B-023F-40FC-BC0E-E32E26978842} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)

Task: {700A0265-44E3-4F9E-A720-6FB8BA7E68E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)

Task: {70EDC337-8BE2-4A70-A939-3E8109FCCCCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {753B341E-99AA-4E01-9949-F6A180D8ACB4} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()

Task: {7F39AF23-33F6-43D2-9C81-1AB5FD8EB48B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)

Task: {8FCFD90F-A3BD-42DE-94C9-57F21C04CD8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()

Task: {940C5318-EADF-4BF2-843D-7BA6818974A1} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)

Task: {E353A098-73B0-4347-B53A-2A808B76BB9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-05-18 19:24 - 2014-09-27 11:19 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2016-10-03 17:39 - 2016-08-23 20:27 - 00848896 _____ () D:\3.下载\Free Download Manager\winwfpmonitor.exe

2016-10-03 17:39 - 2016-08-23 20:24 - 00029696 _____ () D:\3.下载\Free Download Manager\WinDivert.dll

2015-05-18 19:22 - 2014-10-11 10:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe

2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll

2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll

2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll

2016-10-03 14:51 - 2016-03-24 18:37 - 00459602 _____ () D:\1.杀毒\Everything.exe

2016-10-04 14:47 - 2009-03-13 09:18 - 00602624 ____N () C:\Users\xiao\AppData\Local\Temp\Everything\Everything.exe

2013-11-21 15:45 - 2013-11-21 15:45 - 00051816 _____ () C:\Windows\SYSTEM32\IME\SogouPY\SogouImeBrokerPS.dll

2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Windows\Logs:Defender.log [0]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VAGP ATX Chipset => ""="Driver Group"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CooCareServiceStarsoftcommeservices => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ppfsflt.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VAGP ATX Chipset => ""="Driver Group"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-733134077-707159484-3497039572-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg

DNS Servers: 10.64.0.10 - 10.64.101.101

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{BCE96C00-5ACD-4447-BCEA-4238252F06B1}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCare.exe

FirewallRules: [{98C3B789-B844-49CB-A15C-28937A92DCDC}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCare.exe

FirewallRules: [{3EAD252B-DE48-4B7E-8C66-F84CEE4140C2}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\plugin\remotedesk\WinVNC.exe

FirewallRules: [{3F9B0A77-E4C7-4BB7-984D-E409C1A68A05}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\plugin\remotedesk\WinVNC.exe

FirewallRules: [{868CAB1C-43D9-4C84-B34D-25338058F2EE}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooChatHost.exe

FirewallRules: [{8162EB48-2311-4D9F-A8C9-01AEA6119041}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooChatHost.exe

FirewallRules: [{015FE23D-C107-48B0-B726-99C01A2DE544}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCareService.exe

FirewallRules: [{0D9A3AC3-C72B-4DAA-8AB2-B4D2A7FF026C}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCareService.exe

FirewallRules: [{349A2CBA-517F-4F6C-87F6-F72134577759}] => (Allow) C:\ProgramData\WinAppMgmt\winappmgmt.exe

FirewallRules: [{3FF27C54-FA2D-456D-8E02-FD432F3E4184}] => (Allow) C:\ProgramData\WinAppMgmt\winappmgmt.exe

FirewallRules: [{B083543B-2BCC-4FC8-939A-4455C37C4B5B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{D684AF1A-F6EE-4004-A4F6-172CB652F964}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{5478EAD8-521F-4625-AA04-E50F8505CBD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{90A1C476-D926-49B7-BB8A-AC4F08B4BE4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{402279B6-32AB-4121-94CD-FAA7ECDAE321}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{DE69CDE2-7980-4F4C-BCEF-B413D31F3300}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{30317FC8-4B8E-464B-8A58-68A800544D23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8387A2E4-22E1-48ED-A904-5F2A62EE0C1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{DADF221E-9BAD-418C-888C-188CBC879A0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{533DC3FB-9DE7-4286-968C-08BEE9605914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F1A9BE45-9492-4A97-838F-52CE4EA4D207}] => (Allow) C:\Users\xiao\Desktop\杀毒\inst.exe

FirewallRules: [{E7126CAD-D0A2-4BC7-A44B-82E91A1481E0}] => (Allow) C:\Users\xiao\Desktop\杀毒\inst.exe

FirewallRules: [{C1A48BEB-37E2-43AB-8CFB-F70BB9E6465C}] => (Allow) D:\3.下载\Free Download Manager\fdm.exe

FirewallRules: [{39AD0330-B414-4078-8659-65BC93FCAED8}] => (Allow) D:\3.下载\Free Download Manager\fdm.exe

FirewallRules: [TCP Query User{80DF9059-F905-4B05-8A15-91C9C7E2618F}D:\3.下载\百度干净云\baiduyunguanjia.exe] => (Block) D:\3.下载\百度干净云\baiduyunguanjia.exe

FirewallRules: [UDP Query User{D18715AA-D0D3-4048-A11B-5555D0CAFF62}D:\3.下载\百度干净云\baiduyunguanjia.exe] => (Block) D:\3.下载\百度干净云\baiduyunguanjia.exe

FirewallRules: [{7D0181B9-1AC6-4A68-8A3E-6ADE5764743C}] => (Allow) D:\2.文档\SogouInput\6.8.0.0856\PinyinUp.exe

FirewallRules: [{92A1B946-4F1C-4B63-A3CD-3AC52B4D8E52}] => (Allow) D:\2.文档\SogouInput\6.8.0.0856\PinyinUp.exe

FirewallRules: [TCP Query User{7DE424B1-D195-4268-B840-9AB4C7A97E38}D:\3.下载\迅雷.7.9\program\thunderplatform.exe] => (Block) D:\3.下载\迅雷.7.9\program\thunderplatform.exe

FirewallRules: [UDP Query User{BBC005E4-191C-472A-B467-7E0BCF37DF4C}D:\3.下载\迅雷.7.9\program\thunderplatform.exe] => (Block) D:\3.下载\迅雷.7.9\program\thunderplatform.exe

FirewallRules: [{2E5F2EC5-35C8-40BD-BA79-D145AEE9B352}] => (Allow) C:\Program Files (x86)\360\360Safe\mobilemgr\360MobileSrv.exe

FirewallRules: [{187A3B1D-93FA-4695-BA7F-D6F0A9647EB1}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe

FirewallRules: [{7DBFCBE6-AC85-4D11-BFB1-710E2966DE28}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe

FirewallRules: [{1BEC90B6-EA8F-4106-9C94-B252315CD68F}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe

FirewallRules: [{A0A6C2C0-BFB0-4C20-8714-411A7841FFCA}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe

 

==================== Restore Points =========================

 

03-10-2016 12:52:42 Windows 模块安装程序 (Windows Modules Installer)

03-10-2016 13:14:21 JRT Pre-Junkware Removal

03-10-2016 18:32:30 流氓之后 (after the rogue software)

03-10-2016 19:25:31 双保护 (dual protection)

04-10-2016 12:00:35 试运行之一 (trial run one)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/04/2016 02:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x944
Faulting application start time: 0x01d21e0ae8c33167
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: 269f682c-89fe-11e6-826c-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 02:40:01 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to start System Restore: (trial run one)

 

Error: (10/04/2016 02:30:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17284 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a50
Start time: 01d21e0899a1fe41
Termination time: 0
Application path: C:\Windows\Explorer.EXE
Report ID: e593dde8-89fb-11e6-826b-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x504
Faulting application start time: 0x01d21e07949008c7
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: d271046a-89fa-11e6-826a-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 01:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 16.0.4266.1001, time stamp: 0x55ba16cb
Faulting module name: ucrtbase.DLL, version: 10.0.10240.16390, time stamp: 0x55a5bf73
Exception code: 0xc0000409
Fault offset: 0x0007c3a2
Faulting process ID: 0x1270
Faulting application start time: 0x01d21e03a21708e6
Faulting application path: D:\2.文档\Office2016\Office16\WINWORD.EXE
Faulting module path: C:\Windows\SYSTEM32\ucrtbase.DLL
Report ID: 450cf9da-89f7-11e6-8269-480fcf6bd31c
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x928
Faulting application start time: 0x01d21e0392d2aa6e
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: d0a56b41-89f6-11e6-8269-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 01:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0xd54
Faulting application start time: 0x01d21e02937df117
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: d17df16f-89f5-11e6-8268-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 12:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x538
Faulting application start time: 0x01d21df4ec93873d
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: 2a6d9989-89e8-11e6-8266-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 11:57:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x116c
Faulting application start time: 0x01d21df37ddfd3ce
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: bbf36bde-89e6-11e6-8265-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

Error: (10/04/2016 11:55:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.11, time stamp: 0x5335c2a0
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5335c015
Exception code: 0xc0000005
Fault offset: 0x0000000000030517
Faulting process ID: 0x11ec
Faulting application start time: 0x01d21df327a957b1
Faulting application path: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
Faulting module path: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
Report ID: 66870ebd-89e6-11e6-8264-d85de2104a1b
Faulting package full name:
Faulting package-relative application ID:

 

 

System errors:

=============

Error: (10/04/2016 02:51:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/04/2016 02:51:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/04/2016 02:47:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (10/04/2016 02:47:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
Access is denied.

Error: (10/04/2016 02:44:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (10/04/2016 02:44:30 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/04/2016 02:44:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (10/04/2016 02:44:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (10/04/2016 02:44:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (10/04/2016 02:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

 

CodeIntegrity:

===================================

  Date: 2016-10-04 00:28:29.058

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\360safe\safemon\safewrapper.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz

Percentage of memory in use: 33%

Total physical RAM: 4011.39 MB

Available physical RAM: 2652.2 MB

Total Virtual: 5419.39 MB

Available Virtual: 3501.82 MB

 

==================== Drives ================================

 

Drive c: (WINDOWS) (Fixed) (Total:184.99 GB) (Free:146.9 GB) NTFS

Drive d: (DATA) (Fixed) (Total:259.75 GB) (Free:257.72 GB) NTFS

Drive e: (RECOVERY) (Fixed) (Total:20.01 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: F43E4FE5)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

 

3. AdwCleaner scan, run while infected

# AdwCleaner v6.020 - Logfile created 03/10/2016 at 13:08:35

# Updated on 14/09/2016 by ToolsLib

# Database : 2016-09-14.2 [Local]

# Operating System : Windows 8.1 China  (X64)

# Username : xiao - foolish

# Running from : C:\Users\xiao\Desktop\adwcleaner_6.020.exe

# Mode: Scan

# Support : https://toolslib.net/forum

 

 

 

***** [ Services ] *****

 

Service Found:  QQRepair38b

Service Found:  QQRepairFixSVC

Service Found:  QQPCRTP

Service Found:  TAOAccelerator

Service Found:  TSDefenseBt

Service Found:  TSSysKit

Service Found:  QMUdisk

Service Found:  QQSysMonX64

Service Found:  TFsFlt

Service Found:  TAOKernelDriver

Service Found:  softaal

Service Found:  SRepairDrv

Service Found:  tsnethlpx64

 

 

***** [ Folders ] *****

 

Folder Found:  C:\Users\xiao\AppData\Roaming\tencent

Folder Found:  C:\Users\xiao\AppData\Roaming\Tencent

Folder Found:  C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

Folder Found:  C:\Program Files\Common Files\tencent

Folder Found:  C:\Program Files\Common Files\Tencent

Folder Found:  C:\Users\xiao\AppData\Local\VirtualStore\Program Files (x86)\tencent

Folder Found:  C:\Users\xiao\AppData\Local\VirtualStore\Program Files (x86)\Tencent

Folder Found:  C:\ProgramData\tencent

Folder Found:  C:\ProgramData\TXQMPC

Folder Found:  C:\ProgramData\Tencent

Folder Found:  C:\ProgramData\Application Data\tencent

Folder Found:  C:\ProgramData\Application Data\TXQMPC

Folder Found:  C:\ProgramData\Application Data\Tencent

Folder Found:  C:\Program Files (x86)\tencent

Folder Found:  C:\Program Files (x86)\Tencent

Folder Found:  C:\Program Files (x86)\Common Files\tencent

Folder Found:  C:\Program Files (x86)\Common Files\Tencent

Folder Found:  C:\Users\xiao\AppData\Local\Temp\tencent

Folder Found:  C:\Users\xiao\AppData\Local\Temp\Tencent

Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent

Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

 

 

***** [ Files ] *****

 

File Found:  C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk

File Found:  C:\Windows\SysNative\drivers\TAOAccelerator64.sys

File Found:  C:\Windows\SysNative\drivers\TFsFltX64.sys

File Found:  C:\Windows\SysNative\drivers\TAOKernelEx64.sys

File Found:  C:\Users\Public\Desktop\电脑管家.lnk

File Found:  C:\Users\Public\Desktop\软件管理.lnk

 

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

 

***** [ WMI ] *****

 

No malicious keys found.

 

 

***** [ Shortcuts ] *****

 

No infected shortcut found.

 

 

***** [ Scheduled Tasks ] *****

 

No malicious task found.

 

 

***** [ Registry ] *****

 

Key Found:  HKLM\SOFTWARE\Classes\metnsd

Key Found:  HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions

Key Found:  HKLM\SOFTWARE\Classes\qmbfile

Key Found:  HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu

Key Found:  HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1

Key Found:  HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu

Key Found:  HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1

Key Found:  HKLM\SOFTWARE\Classes\qmgcfiles

Key Found:  HKLM\SOFTWARE\Classes\qpakfile

Key Found:  HKLM\SOFTWARE\Classes\QQPCMgr.qbox

Key Found:  [x64] HKLM\SOFTWARE\Classes\metnsd

Key Found:  [x64] HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions

Key Found:  [x64] HKLM\SOFTWARE\Classes\qmbfile

Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu

Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu

Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\qmgcfiles

Key Found:  [x64] HKLM\SOFTWARE\Classes\qpakfile

Key Found:  [x64] HKLM\SOFTWARE\Classes\QQPCMgr.qbox

Key Found:  HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

Key Found:  HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}

Key Found:  HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}

Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr

Data Found:  HKU\S-1-5-21-733134077-707159484-3497039572-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg

Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg

Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg

Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg

Key Found:  HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE

Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr

Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP

Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP

Key Found:  HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall

Key Found:  HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall

Key Found:  HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan

Key Found:  HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL

Key Found:  HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL

Key Found:  HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan

Key Found:  HKLM\SOFTWARE\Classes\.qbox

Key Found:  HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan

Key Found:  HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall

Key Found:  HKEY_CLASSES_ROOT\.qmgc

 

 

***** [ Web browsers ] *****

 

No malicious Firefox based browser items found.

No malicious Chromium based browser items found.

 

*************************

 

C:\AdwCleaner\AdwCleaner[S0].txt - [7044 Bytes] - [03/10/2016 13:08:35]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7117 Bytes] ##########

Attached Thumbnails

  • attachment.png
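What decides whether a cleanup of this kind sticks is visible in the AdwCleaner findings above: the QQPCRTP service is also registered under SafeBoot\Minimal and SafeBoot\Network (so it loads in Safe Mode), three .sys kernel drivers sit in the drivers directory, and the hao123 Start Page is set in HKLM as well as in HKCU (so a per-user reset comes back). The Python below is an added example, not code from the post or from AdwCleaner: it parses this scan-log format and sorts the findings by how much they matter for re-infection. The sample lines are copied from the log above; the line-format regexes are an assumption based on this AdwCleaner 6.020 output, not a documented format.

```python
"""Triage an AdwCleaner scan log by what survives Safe Mode or a per-user reset.

Added example; not part of AdwCleaner. The line-format regexes are an
assumption derived from the v6.020 output quoted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the "Found" lines from the scan log
# above, in AdwCleaner's own line format (real paths from that log).
SAMPLE_LOG = r"""
***** [ Services ] *****

Service Found:  QQPCRTP
Service Found:  TFsFlt
Service Found:  TAOKernelDriver

***** [ Files ] *****

File Found:  C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found:  C:\Windows\SysNative\drivers\TAOKernelEx64.sys
File Found:  C:\Users\Public\Desktop\电脑管家.lnk

***** [ Registry ] *****

Key Found:  [x64] HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# AdwCleaner prefixes hits from the 64-bit registry view with "[x64] ";
# drop it so the same key seen in both views yields the same path.
FINDING_RE = re.compile(
    r"^(Service|Folder|File|Key|Value|Data) Found:\s+(?:\[x64\] )?(.*\S)$"
)
SAFEBOOT_RE = re.compile(r"\\SafeBoot\\(Minimal|Network)\\([^\\]+)$")
START_PAGE_RE = re.compile(r"\[Start Page\] - (\S+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # AdwCleaner section header, e.g. "Registry"
    kind: str     # Service / Folder / File / Key / Value / Data
    value: str    # path, key or "key [value] - data" as printed


def parse_adwcleaner(text):
    """Return every 'Found' entry in log order, tagged with its section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section or "", m.group(1), m.group(2)))
    return findings


def triage(findings):
    """Group findings by what they mean for a cleanup that has to stick."""
    report = {
        "services": [],            # services the tool flagged
        "kernel_drivers": [],      # .sys files under a drivers directory
        "safeboot_services": {},   # service -> {Minimal, Network}: loads in Safe Mode
        "start_page": {},          # hive -> URL (HKLM means machine-wide)
        "machine_wide_hijack": False,
    }
    for f in findings:
        if f.kind == "Service":
            report["services"].append(f.value)
        elif f.kind == "File":
            low = f.value.lower()
            if low.endswith(".sys") and "\\drivers\\" in low:
                report["kernel_drivers"].append(f.value)
        elif f.kind == "Key":
            m = SAFEBOOT_RE.search(f.value)
            if m:
                report["safeboot_services"].setdefault(m.group(2), set()).add(m.group(1))
        elif f.kind == "Data":
            m = START_PAGE_RE.search(f.value)
            if m:
                hive = f.value.split("\\", 1)[0]
                report["start_page"][hive] = m.group(1)
    # A Start Page written to HKLM is re-applied regardless of which user
    # resets it; that is why fixing it in HKCU alone does not hold.
    report["machine_wide_hijack"] = "HKLM" in report["start_page"]
    return report


if __name__ == "__main__":
    rep = triage(parse_adwcleaner(SAMPLE_LOG))
    for svc, modes in rep["safeboot_services"].items():
        print(f"{svc}: registered for SafeBoot {sorted(modes)}, so Safe Mode still loads it")
    for drv in rep["kernel_drivers"]:
        print(f"kernel driver: {drv}")
    for hive, url in rep["start_page"].items():
        print(f"Start Page in {hive}: {url}")
    print("machine-wide start page hijack:", rep["machine_wide_hijack"])
```

Run against the full AdwCleaner[S0].txt instead of the embedded sample to get the same breakdown for the whole scan; anything that lands in `safeboot_services` or `kernel_drivers` is what an uninstaller run from Safe Mode or a user-level registry edit will not reach.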
