Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

RegSvr32 Error Win 7 x64

Started by Lucy Messer , Mar 27 2017 12:24 AM

This topic is locked

#1
Lucy Messer

Posted 27 March 2017 - 12:24 AM

New Member

Member
7 posts

the module ...../AppData/Local/YdPack/....... failed to load

How do I make it stop loading this dll ?

I manually deleted this YdPack folder earlier as I believe it's some malware or something, but i just can't get it to stop loading

also, may not be related, I sometimes get black screen with movable cursor and keyboard function after the welcome screen, it is responsive to Cap lock and sleep button, but other functions i can't check. It return to normal after booting in safe mode (no network / command function whatsoever), but if i reboot in safe mode with network it can't fix the issue.

I just checked the event viewer, it showed quite a long list of errors, I hide the warnings and information

Log Name: System

Source: Microsoft-Windows-DNS-Client

Date: 03/27/2017 13:46:36

Event ID: 1014

Task Category: None

Level: Warning

Keywords:

User: NETWORK SERVICE

Computer: Messer-PC

Description:

Name resolution for the name ocos-office365-s2s.msedge.net timed out after none of the configured DNS servers responded.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="QueryName">ocos-office365-s2s.msedge.net</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:46:09

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:44:52

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:44:52

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:44:50

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:42:40

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">wuauserv</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:42:30

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:42:30

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:42:22

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:40:39

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:40:36

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:40:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:59

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:49

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:49

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

{9E175B6D-F52A-11D8-B9A5-505054503030}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">WSearch</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:49

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">netprofm</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:49

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">WSearch</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:49

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server:

{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">netman</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:47

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">EventSystem</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:39

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">ShellHWDetection</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:31

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:39:31

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">netprofm</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:27

Event ID: 7026

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The following boot-start or system-start driver(s) failed to load:

AFD

CSC

DfsC

discache

MpFilter

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

tdx

vwififlt

Wanarpv6

WfpLwf

XLGuard

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

AFD

CSC

DfsC

discache

MpFilter

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

tdx

vwififlt

Wanarpv6

WfpLwf

XLGuard</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network Location Awareness</Data>

<Data Name="param2">Network Store Interface Service</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector 包裝函式與引擎 service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">SMB 2.0 MiniRedirector</Data>

<Data Name="param2">SMB MiniRedirector 包裝函式與引擎</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector 包裝函式與引擎 service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">SMB 1.x MiniRedirector</Data>

<Data Name="param2">SMB MiniRedirector 包裝函式與引擎</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The SMB MiniRedirector 包裝函式與引擎 service depends on the 重新導向緩衝子系統 service which failed to start because of the following error:

A device attached to the system is not functioning.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">SMB MiniRedirector 包裝函式與引擎</Data>

<Data Name="param2">重新導向緩衝子系統</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">IP Helper</Data>

<Data Name="param2">Network Store Interface Service</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Workstation</Data>

<Data Name="param2">Network Store Interface Service</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:

A device attached to the system is not functioning.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network Store Interface Service</Data>

<Data Name="param2">NSI proxy service driver.</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:

A device attached to the system is not functioning.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">TCP/IP NetBIOS Helper</Data>

<Data Name="param2">Ancillary Function Driver for Winsock</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The DNS Client service depends on the NetIO 傳統 TDI 支援驅動程式 service which failed to start because of the following error:

A device attached to the system is not functioning.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">DNS Client</Data>

<Data Name="param2">NetIO 傳統 TDI 支援驅動程式</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:39:26

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:

A device attached to the system is not functioning.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">DHCP Client</Data>

<Data Name="param2">Ancillary Function Driver for Winsock</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-Power

Date: 03/27/2017 13:39:15

Event ID: 41

Task Category: (63)

Level: Critical

Keywords: (2)

User: SYSTEM

Computer: Messer-PC

Description:

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="SleepInProgress">false</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft Antimalware

Date: 03/27/2017 13:39:27

Event ID: 3002

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: MESSER-PC

Description:

Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: 無法在安全模式中啟動這項服務

Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Event Xml:

<Channel>System</Channel>

<Computer>MESSER-PC</Computer>

</System>

<Data>無法在安全模式中啟動這項服務 </Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:37:58

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-Power

Date: 03/27/2017 13:37:40

Event ID: 41

Task Category: (63)

Level: Critical

Keywords: (2)

User: SYSTEM

Computer: Messer-PC

Description:

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="SleepInProgress">false</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:37:03

Event ID: 7000

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Windows Presentation Foundation Font Cache 3.0.0.0</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:37:03

Event ID: 7009

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">Windows Presentation Foundation Font Cache 3.0.0.0</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:36:33

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

After starting, the service hung in a start-pending state.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network List Service</Data>

<Data Name="param2">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:36:33

Event ID: 7022

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network Location Awareness service hung on starting.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:35:10

Event ID: 7022

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Windows Image Acquisition (WIA) service hung on starting.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Windows Image Acquisition (WIA)</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:35:08

Event ID: 7022

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network Location Awareness service hung on starting.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:33:46

Event ID: 7000

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The XLServicePlatform service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:33:46

Event ID: 7009

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout was reached (30000 milliseconds) while waiting for the XLServicePlatform service to connect.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:33:04

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:32:34

Event ID: 4001

Task Category: None

Level: Warning

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN AutoConfig service has successfully stopped.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:30:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:30:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:30:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:29:06

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:

{4991D34B-80A1-4291-83B6-3328366B9097}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:25:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:25:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:25:27

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:19

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:19

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:19

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:15

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:15

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:15

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:13

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">HomeGroup Provider</Data>

<Data Name="param2">Function Discovery Provider Host</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:11

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:09

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:09

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:23:09

Event ID: 7001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Computer Browser service depends on the Server service which failed to start because of the following error:

The dependency service or group failed to start.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Computer Browser</Data>

<Data Name="param2">Server</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:23:02

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 21

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:22:55

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

{9E175B6D-F52A-11D8-B9A5-505054503030}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">WSearch</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:22:55

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">WSearch</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:22:53

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">EventSystem</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 03/27/2017 13:22:47

Event ID: 10005

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">ShellHWDetection</Data>

</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:22:46

Event ID: 7026

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The following boot-start or system-start driver(s) failed to load:

discache

MpFilter

spldr

Wanarpv6

XLGuard

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

discache

MpFilter

spldr

Wanarpv6

XLGuard</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-Power

Date: 03/27/2017 13:22:29

Event ID: 41

Task Category: (63)

Level: Critical

Keywords: (2)

User: SYSTEM

Computer: Messer-PC

Description:

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="SleepInProgress">false</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:21:38

Event ID: 7011

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device Service service.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">Apple Mobile Device Service</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-DNS-Client

Date: 03/27/2017 13:21:26

Event ID: 1014

Task Category: None

Level: Warning

Keywords:

User: NETWORK SERVICE

Computer: Messer-PC

Description:

Name resolution for the name settings-win.data.microsoft.com timed out after none of the configured DNS servers responded.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="QueryName">settings-win.data.microsoft.com</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:21:13

Event ID: 7009

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">Windows Presentation Foundation Font Cache 3.0.0.0</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:20:42

Event ID: 7022

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Windows Image Acquisition (WIA) service hung on starting.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Windows Image Acquisition (WIA)</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:20:40

Event ID: 7022

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The Network Location Awareness service hung on starting.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">Network Location Awareness</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:19:17

Event ID: 7000

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The XLServicePlatform service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:19:17

Event ID: 7009

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout was reached (30000 milliseconds) while waiting for the XLServicePlatform service to connect.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:18:35

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-PnP

Date: 03/27/2017 13:18:25

Event ID: 219

Task Category: (212)

Level: Warning

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

The driver \Driver\WUDFRd failed to load for the device USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\7&9371286&0&0000.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="DriverName">USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\7&9371286&0&0000</Data>

<Data Name="FailureName">\Driver\WUDFRd</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-Power

Date: 03/27/2017 13:18:18

Event ID: 41

Task Category: (63)

Level: Critical

Keywords: (2)

User: SYSTEM

Computer: Messer-PC

Description:

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="SleepInProgress">false</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:17:03

Event ID: 7000

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

The XLServicePlatform service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param1">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 03/27/2017 13:17:03

Event ID: 7009

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Messer-PC

Description:

A timeout was reached (30000 milliseconds) while waiting for the XLServicePlatform service to connect.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="param2">XLServicePlatform</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

Date: 03/27/2017 13:16:22

Event ID: 10000

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="ExtensibleModulePath">C:\Windows\system32\Rtlihvs.dll</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-Kernel-PnP

Date: 03/27/2017 13:16:12

Event ID: 219

Task Category: (212)

Level: Warning

Keywords:

User: SYSTEM

Computer: Messer-PC

Description:

The driver \Driver\WUDFRd failed to load for the device USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\7&9371286&0&0000.

Event Xml:

<Channel>System</Channel>

<Computer>Messer-PC</Computer>

</System>

<Data Name="DriverName">USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\7&9371286&0&0000</Data>

<Data Name="FailureName">\Driver\WUDFRd</Data>

</EventData>

</Event>

#2
Jr0x

Posted 27 March 2017 - 06:48 AM

Malware removal team

Malware Removal
1,830 posts

Hi Lucy Messer,

Welcome to . My name is Jr0x and I'll be helping you with your problem.

Before we get started, there are a few things I need you to take note of.

Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
If there is anything you are unclear of, please ask before you start the fix.
Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
There may be delayed response to you as we may live in different timezone.
Inform me of anything that happens unexpectedly during the fix at any point of time.
As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

Let's try to ensure that your issue isn't caused by malware of any sort before we move to other your other issue.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Lucy Messer

Posted 27 March 2017 - 07:55 AM

New Member

Topic Starter
Member
7 posts

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017

Ran by Messer (27-03-2017 21:53:26)

Running from C:\Setup

Windows 7 Ultimate Service Pack 1 (X64) (2016-09-24 11:57:54)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3218008429-776623121-1360039219-500 - Administrator - Disabled)

Guest (S-1-5-21-3218008429-776623121-1360039219-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3218008429-776623121-1360039219-1002 - Limited - Enabled)

Messer (S-1-5-21-3218008429-776623121-1360039219-1000 - Administrator - Enabled) => C:\Users\Messer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360云盘 (HKLM-x32\...\360云盘网盘版) (Version: 6.6.0.1301 - 360安全中心)

Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)

Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)

Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Easy Subtitles Synchronizer (HKLM-x32\...\{A35461B1-DFFD-48AE-A672-3C96A08B6A96}) (Version: 1.1.0 - ESS)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

HD Video Converter Factory 9.3 (HKLM-x32\...\HD Video Converter Factory) (Version: 9.3 - WonderFox Soft, Inc.)

HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version: - )

HP Officejet 6500 E710n-z 基本裝置軟體 (HKLM\...\{12C797B4-60FF-4F75-88AF-0179565A3618}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)

Intel® 晶片組裝置軟體 (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden

iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)

Microsoft Office IME 2010 (Traditional Chinese) (HKLM\...\IME14SS.1028) (Version: 14.0.6119.5000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden

Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)

TP-LINK USB Printer Controller (HKLM-x32\...\{7C3B2884-0F53-4FBD-AB2A-192BD4FB01A1}) (Version: 1.14.0613 - TP-LINK)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

百度网盘 (HKLM-x32\...\百度云管家) (Version: 5.5.1 - 百度在线网络技术北京有限公司)

迅雷7 (HKLM-x32\...\thunder_is1) (Version: - 迅雷网络技术有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3218008429-776623121-1360039219-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Messer\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3218008429-776623121-1360039219-1000_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3218008429-776623121-1360039219-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006D6F8A-4F2C-49CC-B8F0-E6B68D557240} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)

Task: {12934D5A-33CB-4C52-A22B-50EE74B817EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-24] (Google Inc.)

Task: {153C592C-B55F-42B9-B9F8-1E06510C957A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

Task: {18983CCD-7588-4EEC-9AE7-7C65A04037A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)

Task: {21125851-0D34-45CF-B4BC-4C217DBF1E14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-16] (Adobe Systems Incorporated)

Task: {2784EA12-3FE6-4DEC-975E-4BF8B1834304} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)

Task: {52D2E17E-30C6-46CE-835C-176DAAE78DEC} - System32\Tasks\Opera scheduled Autoupdate 1474732285 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)

Task: {5CC7C6CD-0D8E-4D52-95B1-B1D9FC316380} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {60B2092E-8494-4106-90BA-4F034C5EC295} - System32\Tasks\Bsiwardgogition Provider => C:\Program Files (x86)\Jozerentnibas\remiy.exe

Task: {86725CBA-F1FD-485B-B24C-B3BDBB0BB7E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-24] (Google Inc.)

Task: {9C63C51C-3BBA-49EF-83A1-EA346A9ABEF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)

Task: {AE6A3962-1231-48CC-BC27-49DC96D5DB6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

Task: {C6C25BD8-4AAD-49DB-B671-F078EAF74600} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)

Task: {E53BCFBE-5B67-4146-9B4C-A90BBF7C93FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-16] (Adobe Systems Incorporated)

Task: {EBC8CC7E-F1AD-4F09-BDCA-316FE77D30A4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-09-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome 應用程式\Chrome 遠端桌面 (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

ShortcutWithArgument: C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome 應用程式\Chrome 遠端桌面.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

ShortcutWithArgument: C:\Users\Messer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-09-25 00:48 - 2017-01-29 21:55 - 08930504 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

2016-12-14 16:45 - 2017-03-09 18:33 - 00248864 _____ () C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunShellExt64.dll

2016-09-26 18:34 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll

2016-09-26 18:38 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll

2016-09-26 18:34 - 2012-09-18 15:27 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll

2016-09-26 18:34 - 2012-09-18 15:27 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll

2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll

2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll

2015-12-15 10:54 - 2015-12-15 10:54 - 00102768 _____ () C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\AutoUpdate.dll

2017-03-27 21:07 - 2017-03-27 21:07 - 00098816 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32api.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00110080 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\pywintypes27.dll

2017-03-27 21:07 - 2017-03-27 21:07 - 00364544 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\pythoncom27.dll

2017-03-27 21:07 - 2017-03-27 21:07 - 00320512 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32com.shell.shell.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00914432 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_hashlib.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 01176576 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._core_.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00806400 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._gdi_.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00816128 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._windows_.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 01067008 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._controls_.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00733184 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._misc_.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00682496 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\pysqlite2._sqlite.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00088064 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_ctypes.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00686080 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\unicodedata.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00119808 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32file.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00108544 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32security.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00007168 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\hashobjs_ext.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00017920 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\thumbnails_ext.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00088064 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\usb_ext.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00012800 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\common.time34.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00018432 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32event.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00167936 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32gui.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00046080 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_socket.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 01303552 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_ssl.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00128512 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_elementtree.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00127488 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\pyexpat.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00038912 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32inet.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00036864 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_psutil_windows.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00524248 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\windows._lib_cacheinvalidation.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00011264 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32crypt.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00123392 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._wizard.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00077312 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._html2.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00027648 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00020480 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\_yappi.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00035840 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32process.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00078848 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\wx._animate.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00024064 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32pipe.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00010240 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\select.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00025600 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32pdh.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00017408 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32profile.pyd

2017-03-27 21:07 - 2017-03-27 21:07 - 00022528 ____R () C:\Users\Messer\AppData\Local\Temp\_MEI35802\win32ts.pyd

2016-09-25 23:18 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.DEU

2016-09-25 23:18 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA

2016-09-25 00:50 - 2017-01-29 17:46 - 08929992 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2017-02-07 20:49 - 2017-02-01 17:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

2017-02-07 20:49 - 2017-02-01 17:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

2017-03-03 12:57 - 2017-03-03 12:57 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll

2017-03-03 12:57 - 2017-03-03 12:57 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll

2017-03-03 12:57 - 2017-03-03 12:57 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll

2017-03-03 12:57 - 2017-03-03 12:57 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll

2017-03-16 14:33 - 2017-03-16 14:33 - 17784920 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_25_0_0_127.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00019968 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\minizip.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00077824 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\zlib1.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00143360 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\libexpat.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00012288 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\mini_unzip_dll.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00018296 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\dl_uac_tool.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00053112 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\XLCrypto.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 00534896 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\ts.dll

2016-09-24 22:12 - 2016-09-24 22:12 - 01268080 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\emule_kernel.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\sharepoint.com -> hxxps://mailouhkedu-myfiles.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BaiduYunUtility => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: KMSServerService => 2

MSCONFIG\Services: Reerjrycoakerse => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

MSCONFIG\startupreg: (default) =>

MSCONFIG\startupreg: BaiduYunDetect => "C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe"

MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN14J1223G05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: updateMgr => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{046A185E-E1F9-41EC-A852-31987AEE2306}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe

FirewallRules: [{26E7827C-30D9-40FB-B65D-148BCDCF9FD9}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe

FirewallRules: [{FF85D5D0-400C-444B-8D44-505B75491CD4}] => (Allow) LPort=7437

FirewallRules: [TCP Query User{2F6B17AE-CD8E-4F11-B9B4-02EA937DE390}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Allow) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe

FirewallRules: [UDP Query User{A67C1187-171A-4E49-881E-3821F849DD45}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Allow) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe

FirewallRules: [TCP Query User{C3094056-72AF-485C-A3B4-FCCEBC072320}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe

FirewallRules: [UDP Query User{DF150B6A-DBC4-49C5-A509-2403EF344458}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baiduyunguanjia.exe

FirewallRules: [{1E5B329A-863C-4D7A-9394-6CF8FDD8C5B3}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderPlatform.exe

FirewallRules: [{ECE23E3D-20CF-4558-BED6-1C255E52A1F9}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderPlatform.exe

FirewallRules: [{575C4EE8-EF4B-4B9A-A106-544327FCD0CF}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderLiveUD.exe

FirewallRules: [{DAB92658-0797-4C43-8CF9-5BB79D4A7581}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderLiveUD.exe

FirewallRules: [{EC93073C-48BA-4552-8CAE-5D94FD3DCD20}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\XLBugReport.exe

FirewallRules: [{3931F5B1-6628-4A37-A66D-9D9BEAE106A5}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\XLBugReport.exe

FirewallRules: [{175EA0DC-F4C2-4A2C-A1E4-0BF4194F40C4}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe

FirewallRules: [{549C425B-535E-4104-9FA2-8851D465BF4C}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe

FirewallRules: [{A9437DEC-23BB-4512-9F22-013BF507B4C4}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe

FirewallRules: [{3ADC1181-7373-4CCE-933C-1DF90D8564CE}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe

FirewallRules: [{83EE29C0-51C6-42E7-8C57-0502ECF15357}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe

FirewallRules: [{E552FA9F-FC99-4933-9249-E6631D5E2D1E}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe

FirewallRules: [{ABF87D11-BC4E-48D5-831A-881BEC45E9C6}] => (Allow) LPort=33674

FirewallRules: [{D4B9BA08-7861-4C44-BF1A-898189EDC13C}] => (Allow) LPort=33673

FirewallRules: [TCP Query User{E5E2F142-98BE-43AF-96C4-517E651A30AD}C:\program files (x86)\qvodplayer\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer\qvodplayer.exe

FirewallRules: [UDP Query User{A8DC54B8-9F80-4A44-A2AB-F714647B69F5}C:\program files (x86)\qvodplayer\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer\qvodplayer.exe

FirewallRules: [{FC081B60-3817-4978-A98A-1CD2764782D1}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe

FirewallRules: [{3AC2678C-388A-4A29-B68A-22A456687C2D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe

FirewallRules: [{5A88B361-22D2-4A3A-8138-F1A986BDD9B7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe

FirewallRules: [{33ED42FE-6588-41E9-B4AF-49245E5A5590}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe

FirewallRules: [{26368E8F-001E-4A3A-BFB7-6B0BD3B05994}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe

FirewallRules: [{4EB71EE4-F12B-499E-86E2-EAAF334F6937}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{62B15599-26A3-4F61-B4BB-3BB45D31DB45}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{CDFDAAE3-2C54-402D-839D-96FBEF5916CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{F447D7A9-98A8-45B4-9996-421570F7371E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{528088EF-6D3D-4581-9610-4DF82B912D75}] => (Allow) C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe

FirewallRules: [{36A811FE-4EC5-4733-86E3-D7850EA09B9C}] => (Allow) C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe

FirewallRules: [{C51E58A2-CEF0-479B-A183-050F033376AE}] => (Allow) C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe

FirewallRules: [{4145BCC2-DFB4-4AE5-9455-106BCDB8E9C8}] => (Allow) C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe

FirewallRules: [TCP Query User{DB1E98FE-2DB0-4285-91BD-5966685B1CBB}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe] => (Allow) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe

FirewallRules: [UDP Query User{60E274F3-538A-4BFD-BD0B-B4864B218426}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe] => (Allow) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe

FirewallRules: [TCP Query User{28DDCC88-A46B-4CE8-B36C-B8DA50D6AA92}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [UDP Query User{31E9D890-1876-4FC5-B63B-534F5CC43762}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{7D864AA5-FC9C-4AE5-A924-E7E6764849FF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{135CAA4D-57CD-411C-B1C0-3DECDB5EE8D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{0A2D9CD0-86D4-4194-B6F4-1D13C00E39EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{741BC3EE-C846-4985-9FB2-D5A8FC2D3C4B}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\xUpdate.exe

FirewallRules: [{196E999A-7127-4FDF-930D-A3908CA72885}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\xUpdate.exe

FirewallRules: [{C9A7E1C2-D1DA-4079-91BA-C9FFC9A32872}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayer.exe

FirewallRules: [{F8D1395C-5102-4718-8D5A-84DAB1FF23D0}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayer.exe

FirewallRules: [{FCA8B8BD-410E-44C3-AA72-F2EDA8571056}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\BaiduPlayer.exe

FirewallRules: [{6EB34C51-7D92-4349-B98B-6296E6DE025E}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\BaiduPlayer.exe

FirewallRules: [{8CB69E6D-56EA-4986-B7CB-1FDE45579330}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bdyyBrowser.exe

FirewallRules: [{077070BB-9141-44B6-98B0-CF90EDE11362}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bdyyBrowser.exe

FirewallRules: [{75776447-C03E-4D96-B19C-6D3FE5B28CD0}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bpls.exe

FirewallRules: [{16F0EA42-84EF-42BA-821B-B5113572DEDA}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bpls.exe

FirewallRules: [{C6EF2AE5-15B5-42EF-94E6-B67413816080}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\HttpStatReport.exe

FirewallRules: [{DE21373C-3E64-416E-86A1-E51B356DD8FD}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\HttpStatReport.exe

FirewallRules: [{F438BD2A-53EB-42DD-AA3D-6C29116318A7}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\StatReport.exe

FirewallRules: [{3F2D2BD5-A6C7-4F4C-BADC-5FFDF8BBFDD6}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\StatReport.exe

FirewallRules: [{F566FFDA-0E6A-4059-8A6A-CA58D80229B5}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayerService.exe

FirewallRules: [{8D2C374A-8D1E-42E4-96F2-5BF54356D172}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayerService.exe

FirewallRules: [{C6B5901D-6E35-496C-BF76-E595F7A9BDCF}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\StatReport.exe

FirewallRules: [{D6CF2124-D73D-4E68-AAF7-F068B1CCEE58}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayer.exe

FirewallRules: [{4FFE468E-AFCE-4E4D-BBF7-B3198D5F2CE9}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\HttpStatReport.exe

FirewallRules: [{28918803-F0A7-4CD4-A546-5093CDC2CE5C}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\xUpdate.exe

FirewallRules: [{8EC307BE-60AF-4624-B509-AF1BE5038DF3}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\BDPlayerService.exe

FirewallRules: [{C1F3B99E-3FBC-41F5-97A1-9AA6826ECA0F}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bdyyBrowser.exe

FirewallRules: [{77623E05-D9D8-438C-A1FA-7E79C32DFEF2}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\BaiduPlayer.exe

FirewallRules: [{82D577BE-F86F-4C1C-8870-32773F64A133}] => (Allow) C:\Program Files (x86)\baidu\BDPlayer\5.6.2.16\bdwplayer\bpls.exe

FirewallRules: [{DCDDA90A-58AF-4E1E-BD51-0EE63870AC0D}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe

FirewallRules: [{D7EAD29C-DED8-4E6A-8F07-0E558EB8C7A3}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

FirewallRules: [TCP Query User{2EC7465E-9164-4E42-A5DB-AC12CD849DDE}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [UDP Query User{D338B669-D91A-4B0E-A45C-5E5F95CC4BD0}C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\messer\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{6629D9B5-6D23-40CA-A58C-8BA60C2018BE}] => (Allow) C:\Users\Messer\AppData\Local\Temp\nsk1C6E.tmp\QQPCDetector.exe

FirewallRules: [{DE3A90BF-6C0E-4921-AAD3-D929F70D6B5F}] => (Allow) C:\Users\Messer\AppData\Local\Temp\nsk1C6E.tmp\QQPCDetector.exe

FirewallRules: [{AC77A847-68A4-40E1-9779-2A0A86BE5752}] => (Allow) C:\Users\Messer\AppData\Local\Temp\nsn6899.tmp\QQPCDetector.exe

FirewallRules: [{90219C54-0E26-4150-88B3-E5E375CA6D83}] => (Allow) C:\Users\Messer\AppData\Local\Temp\nsn6899.tmp\QQPCDetector.exe

FirewallRules: [{EEE7DBF5-4995-47BF-BECA-65796FE6BB14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{38897B9F-9A22-4BED-ABAC-FF2FF586EAB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{FE0FFAB9-392A-4F28-956A-6B17782A3ECF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{05A5546A-2C85-4C5E-B376-CBD86A2D6A79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{3E269011-5E42-45F4-895F-7EA2BB198382}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

15-03-2017 21:00:13 Windows Update

18-03-2017 16:40:19 Installed iTunes

19-03-2017 15:23:51 Windows Update

23-03-2017 13:59:52 Windows Update

26-03-2017 18:14:50 Windows Update

26-03-2017 21:00:10 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller

Description: Realtek PCIe GBE Family Controller

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: RTL8167

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/27/2017 09:08:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458

Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9a27

Exception code: 0xe0434352

Fault offset: 0x000000000001a06d

Faulting process id: 0x6e8

Faulting application start time: 0x01d2a6fb07a71d15

Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe

Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report Id: 7a005167-12ee-11e7-831d-878c132b3bdc

Error: (03/27/2017 09:08:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: 應用程式: AutoKMS.exe

Framework 版本: v4.0.30319

描述: 處理序已終止因為有未處理的例外狀況。

例外狀況資訊: System.FormatException

於 System.DateTimeParse.Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles)

於 ..(.)

於 ..()

Error: (03/27/2017 09:07:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 01:54:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458

Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9a27

Exception code: 0xe0434352

Fault offset: 0x000000000001a06d

Faulting process id: 0x5f8

Faulting application start time: 0x01d2a6bd6fe13ff1

Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe

Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report Id: dc71790d-12b1-11e7-9932-9a7765b70ab6

Error: (03/27/2017 01:54:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: 應用程式: AutoKMS.exe

Framework 版本: v4.0.30319

描述: 處理序已終止因為有未處理的例外狀況。

例外狀況資訊: System.FormatException

於 System.DateTimeParse.Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles)

於 ..(.)

於 ..()

Error: (03/27/2017 01:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/27/2017 01:41:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/27/2017 01:38:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/27/2017 01:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/27/2017 01:24:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

System errors:

=============

Error: (03/27/2017 09:07:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (03/27/2017 01:46:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (03/27/2017 01:44:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:44:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:44:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:42:40 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/27/2017 01:42:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:42:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

Error: (03/27/2017 01:40:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz

Percentage of memory in use: 57%

Total physical RAM: 8091.73 MB

Available physical RAM: 3419.51 MB

Total Virtual: 16181.64 MB

Available Virtual: 11180.89 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:292.87 GB) (Free:217.78 GB) NTFS

Drive d: (Files) (Fixed) (Total:638.54 GB) (Free:94.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58BC41FC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4
Lucy Messer

Posted 27 March 2017 - 07:55 AM

New Member

Topic Starter
Member
7 posts

FRST.txt (1)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017

Ran by Messer (administrator) on MESSER-PC (27-03-2017 21:52:46)

Running from C:\Setup

Loaded Profiles: Messer (Available Profiles: Messer)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Chinese (Traditional, Taiwan)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(TP-LINK) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

(深圳市迅雷网络技术有限公司) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderPlatform.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)

HKLM\...\Run: [IME14 CHT Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4265984 2014-06-19] (TP-LINK)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM-x32\...\Run: [IME14 CHT Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\Run: [Ifsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Messer\AppData\Local\YdPack\gcnpicnd.dll <===== ATTENTION

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\RunOnce: [Uninstall C:\Users\Messer\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Messer\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\VoiceClient.exe

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\MountPoints2: {4378a824-d16d-11e6-b9b4-8cb8c30611de} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\VoiceClient.exe

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\...\MountPoints2: {c5426649-824b-11e6-8d27-806e6f6e6963} - E:\Run.exe

HKLM\...\Providers\0h9g0z1f: C:\Users\Messer\AppData\Local\Temp_\local64spl.dll

HKLM\...\Providers\186fto37: D:\Program Files\UDPdp\UDPnp3_\local64spl.dll

HKLM\...\Providers\26183ulv: D:\Program Files\UDPdp\UDPnp4\\local64spl.dll

HKLM\...\Providers\2d5x3ln6: D:\Program Files\UDPdp\UDPnp5\\local64spl.dll

HKLM\...\Providers\49qtx3yg: C:\_\local64spl.dll

HKLM\...\Providers\59zis3lt: D:\Program Files\UDPdp\UDPnp6\\local64spl.dll

HKLM\...\Providers\93c1uqqg: D:\Program Files\UDPdp\UDPnp5_\local64spl.dll

HKLM\...\Providers\atfpgelb: D:\Program Files\UDPdp\UDPnp6_\local64spl.dll

HKLM\...\Providers\cqwgxjvy: C:\Users\Messer\AppData\Local\Temp\local64spl.dll

HKLM\...\Providers\e2cjoxr1: D:\Program Files\UDPdp\UDPnp4_\local64spl.dll

HKLM\...\Providers\glbfv6kz: C:\Users\Messer\AppData\LocalLow\Youtube AdBlock_\local64spl.dll

HKLM\...\Providers\hfvqsm61: C:\Windows\Temp_\local64spl.dll

HKLM\...\Providers\j4c288id: D:\Program Files\UDPdp\UDPnp3\\local64spl.dll

HKLM\...\Providers\jppp1toc: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll

HKLM\...\Providers\ju2dpod4: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll

HKLM\...\Providers\jwsl6h7m: C:\Users\Messer\AppData\Local\Google\Chrome\User Data_\local64spl.dll

HKLM\...\Providers\l7rnlehs: C:\Windows\Temp\local64spl.dll

HKLM\...\Providers\lj4drtin: C:\\local64spl.dll

HKLM\...\Providers\s1p9kyy7: C:\Users\Messer\AppData\Local\Google\Chrome\User Data\local64spl.dll

HKLM\...\Providers\yw8c84cl: C:\Users\Messer\AppData\LocalLow\Youtube AdBlock\local64spl.dll

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

Startup: C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-09-25]

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{DD271F8B-093D-40AC-A371-B2C34F247098}: [DhcpNameServer] 192.168.0.1

Internet Explorer:

==================

HKU\S-1-5-21-3218008429-776623121-1360039219-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131312063109710949&GUID=7B064038-D230-4F9C-8458-91F0CD7F7191

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)

BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)

BHO-x32: 捃濘狟婥盓厥郪璃 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-04-23] (深圳市迅雷网络技术有限公司)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Messer\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2017-03-09] (Baidu.com, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)

FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-25] (Tencent)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-09-24] ( )

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3218008429-776623121-1360039219-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-09-24] ( )

Chrome:

=======

CHR DefaultProfile: Profile 1

CHR HomePage: Profile 1 -> hxxp://www.ouhk.edu.hk/wcsprd/Satellite?pagename=OUHK/tcPortalPage2014&lang=eng&dis=6

CHR StartupUrls: Profile 1 -> "hxxp://www.hkpl.gov.hk/isn/cou_major_nt_cic.htm","hxxp://www.ouhk.edu.hk/","hxxp://jcauthproxy.ouhk.edu.hk:8000/lib/","hxxp://www.omniboxes.com/?type=hp&ts=1456756091&z=e0c5bf347411b72f8b28787g7zbwaq1m4wdqce6t0g&from=amt&uid=395049983_1052499_c82b425c","hxxp://www.trotux.com/?z=10ea95e4730423d5fb943cagfz0m7z3m2oecdwat7z&from=isr&uid=WDCXWD10EZEX-08Y20A0_WD-WCC3F7YP222XP222X&type=hp","hxxps://www.hkpl.gov.hk/isn/cou_kpr_cic.htm"

CHR Profile: C:\Users\Messer\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-24] <==== ATTENTION

CHR Profile: C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-27]

CHR Extension: (Google Slides) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-24]

CHR Extension: (Tetris Battle) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adjkpghbnknolhdbgpllnfmohekjfjmo [2016-09-24]

CHR Extension: (Google Docs) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]

CHR Extension: (Google Drive) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]

CHR Extension: (Skype Calling) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-09-24]

CHR Extension: (YouTube) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-24]

CHR Extension: (Adblock for Youtube™) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-09-24]

CHR Extension: (Adobe Acrobat) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]

CHR Extension: (Google Sheets) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-24]

CHR Extension: (Chrome Remote Desktop) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-22]

CHR Extension: (Google Docs Offline) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-24]

CHR Extension: (AdBlock) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]

CHR Extension: (Google Calendar (by Google)) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2017-03-01]

CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2016-09-24]

CHR Extension: (Tardis) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jnpaonbghmoocnkenfjigielilfmaboj [2016-09-24]

CHR Extension: (Grammarly for Chrome) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-21]

CHR Extension: (Data Selfie) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjmnobfdkgaclpkgeniccafoennghjnm [2017-03-01]

CHR Extension: (支付宝安全插件) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2016-09-24]

CHR Extension: (Google Scholar Button) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-03-01]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-03]

CHR Extension: (Google Input Tools) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2016-09-24]

CHR Extension: (Office Online) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-03-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (My Chrome Theme) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-24]

CHR Extension: (Photo Collage) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oiabhgfgfhoilflkoicbmnejgjjfmhcg [2016-09-24]

CHR Extension: (Gmail) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-24]

CHR Extension: (Chrome Media Router) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]

CHR Extension: (Photo Grid) - C:\Users\Messer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plmekmcgihgjbmlcoddkjbcclbjnfldl [2016-09-24]

CHR HKU\S-1-5-21-3218008429-776623121-1360039219-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-09-25] (Adobe Systems) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)

R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [180592 2016-09-24] (ShenZhen Xunlei Networking Technologies,LTD)

S4 Reerjrycoakerse; C:\Program Files (x86)\Jozerentnibas\srcCnf.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-23] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-08-29] (Realtek Semiconductor Corporation )

R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [116936 2014-05-22] (Windows ® Codename Longhorn DDK provider)

R3 tplinkUDSTcpBus; C:\Windows\System32\drivers\tplinkUDSTcpBus.sys [196296 2014-05-22] (Windows ® Codename Longhorn DDK provider)

R1 XLGuard; C:\Windows\System32\drivers\XLGuard.sys [28432 2015-10-20] (深圳市迅雷网络技术有限公司)

R2 XLWFP; C:\Windows\System32\drivers\xlwfp.sys [56080 2015-08-31] (深圳市迅雷网络技术有限公司)

R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 21:51 - 2017-03-27 21:52 - 00000000 ____D C:\FRST

2017-03-26 21:00 - 2017-03-26 21:00 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET

2017-03-26 18:29 - 2017-03-26 18:29 - 00001759 _____ C:\Users\Public\Desktop\iTunes.lnk

2017-03-26 18:29 - 2017-03-26 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2017-03-26 18:28 - 2017-03-26 18:29 - 00000000 ____D C:\Program Files\iTunes

2017-03-26 18:28 - 2017-03-26 18:28 - 00000000 ____D C:\Program Files\iPod

2017-03-26 00:48 - 2017-03-26 00:48 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2017-03-26 00:48 - 2017-03-26 00:48 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2017-03-23 14:16 - 2017-03-23 14:16 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2017-03-23 14:16 - 2017-03-23 14:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2017-03-21 14:23 - 2017-03-27 13:45 - 00440274 _____ C:\Windows\ntbtlog.txt

2017-03-18 16:41 - 2017-03-18 16:43 - 00000000 ____D C:\Users\Messer\AppData\Roaming\Apple Computer

2017-03-18 16:41 - 2017-03-18 16:41 - 00000000 ____D C:\Users\Messer\AppData\Local\Apple Computer

2017-03-18 16:41 - 2017-03-18 16:41 - 00000000 ____D C:\ProgramData\Apple Computer

2017-03-18 16:40 - 2017-03-23 14:16 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2017-03-18 16:40 - 2017-03-18 16:40 - 00000000 ____D C:\Users\Messer\AppData\Local\Apple

2017-03-18 16:39 - 2017-03-23 14:17 - 00000000 ____D C:\Program Files\Common Files\Apple

2017-03-18 16:39 - 2017-03-18 16:40 - 00000000 ____D C:\ProgramData\Apple

2017-03-18 16:39 - 2017-03-18 16:39 - 00000000 ____D C:\Program Files\Bonjour

2017-03-18 16:39 - 2017-03-18 16:39 - 00000000 ____D C:\Program Files (x86)\Bonjour

2017-03-15 14:12 - 2017-03-05 01:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-03-15 14:12 - 2017-03-05 00:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-03-15 14:12 - 2017-03-04 16:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-03-15 14:12 - 2017-03-04 16:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-03-15 14:12 - 2017-03-04 16:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-03-15 14:12 - 2017-03-04 16:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-03-15 14:12 - 2017-03-04 16:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-03-15 14:12 - 2017-03-04 16:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-03-15 14:12 - 2017-03-04 16:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-03-15 14:12 - 2017-03-04 15:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-03-15 14:12 - 2017-03-04 15:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-03-15 14:12 - 2017-03-04 15:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-03-15 14:12 - 2017-03-04 15:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-03-15 14:12 - 2017-03-04 15:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-03-15 14:12 - 2017-03-04 15:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-03-15 14:12 - 2017-03-04 15:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-03-15 14:12 - 2017-03-04 15:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-03-15 14:12 - 2017-03-04 15:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-03-15 14:12 - 2017-03-04 15:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-03-15 14:12 - 2017-03-04 15:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-03-15 14:12 - 2017-03-04 15:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-03-15 14:12 - 2017-03-04 15:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-03-15 14:12 - 2017-03-04 15:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-03-15 14:12 - 2017-03-04 15:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-03-15 14:12 - 2017-03-04 15:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-03-15 14:12 - 2017-03-04 15:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-03-15 14:12 - 2017-03-04 15:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-03-15 14:12 - 2017-03-04 14:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-03-15 14:12 - 2017-03-04 14:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-03-15 14:12 - 2017-03-04 14:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-03-15 14:12 - 2017-03-04 14:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-03-15 14:12 - 2017-03-04 14:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-03-15 14:12 - 2017-03-04 14:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-03-15 14:12 - 2017-03-04 14:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-03-15 14:12 - 2017-03-04 14:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-03-15 14:12 - 2017-03-04 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-03-15 14:12 - 2017-03-04 12:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-03-15 14:12 - 2017-03-03 02:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-03-15 14:12 - 2017-03-03 02:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-03-15 14:12 - 2017-03-03 02:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-03-15 14:12 - 2017-03-03 02:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-03-15 14:12 - 2017-03-03 02:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2017-03-15 14:12 - 2017-03-03 02:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-03-15 14:12 - 2017-03-03 01:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-03-15 14:12 - 2017-03-03 01:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-03-15 14:12 - 2017-03-03 01:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-03-15 14:12 - 2017-03-03 01:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-03-15 14:12 - 2017-03-03 01:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-03-15 14:12 - 2017-03-03 01:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-03-15 14:12 - 2017-03-03 01:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-03-15 14:12 - 2017-03-03 01:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-03-15 14:12 - 2017-03-03 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-03-15 14:12 - 2017-03-03 01:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-03-15 14:12 - 2017-03-03 01:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-03-15 14:12 - 2017-03-03 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-03-15 14:12 - 2017-03-03 01:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-03-15 14:12 - 2017-03-03 01:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-03-15 14:12 - 2017-03-03 01:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-03-15 14:12 - 2017-03-03 01:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-03-15 14:12 - 2017-03-03 01:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-03-15 14:12 - 2017-03-03 01:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-03-15 14:12 - 2017-03-03 01:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-03-15 14:12 - 2017-03-03 01:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-03-15 14:12 - 2017-03-03 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-03-15 14:12 - 2017-03-03 00:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-03-15 14:12 - 2017-03-03 00:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-03-15 14:12 - 2017-02-11 00:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2017-03-15 14:12 - 2017-02-10 22:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2017-03-15 14:12 - 2017-02-10 00:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2017-03-15 14:12 - 2017-02-10 00:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-03-15 14:12 - 2017-02-10 00:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2017-03-15 14:12 - 2017-02-10 00:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-03-15 14:12 - 2017-02-10 00:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-03-15 14:12 - 2017-02-10 00:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-03-15 14:12 - 2017-02-10 00:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2017-03-15 14:12 - 2017-02-10 00:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-03-15 14:12 - 2017-02-10 00:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2017-03-15 14:12 - 2017-02-10 00:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2017-03-15 14:12 - 2017-02-10 00:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2017-03-15 14:12 - 2017-02-10 00:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2017-03-15 14:12 - 2017-02-10 00:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-03-15 14:12 - 2017-02-10 00:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-03-15 14:12 - 2017-02-10 00:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-03-15 14:12 - 2017-02-10 00:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-03-15 14:12 - 2017-02-09 23:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-03-15 14:12 - 2017-02-09 22:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2017-03-15 14:12 - 2017-02-09 22:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2017-03-15 14:12 - 2017-02-07 00:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe

2017-03-15 14:12 - 2017-01-12 02:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2017-03-15 14:12 - 2017-01-12 01:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2017-03-15 14:12 - 2017-01-07 02:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2017-03-15 14:11 - 2017-02-23 07:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2017-03-15 14:11 - 2017-02-23 07:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2017-03-15 14:11 - 2017-02-18 22:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2017-03-15 14:11 - 2017-02-18 22:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2017-03-15 14:11 - 2017-02-11 23:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2017-03-15 14:11 - 2017-02-11 23:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2017-03-15 14:11 - 2017-02-11 23:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2017-03-15 14:11 - 2017-02-11 00:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2017-03-15 14:11 - 2017-02-11 00:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2017-03-15 14:11 - 2017-02-11 00:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2017-03-15 14:11 - 2017-02-10 00:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-03-15 14:11 - 2017-02-10 00:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-03-15 14:11 - 2017-02-10 00:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2017-03-15 14:11 - 2017-02-10 00:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2017-03-15 14:11 - 2017-02-10 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2017-03-15 14:11 - 2017-02-10 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2017-03-15 14:11 - 2017-02-10 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2017-03-15 14:11 - 2017-02-10 00:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-03-15 14:11 - 2017-02-09 23:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2017-03-15 14:11 - 2017-02-09 23:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-03-15 14:11 - 2017-02-09 23:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-03-15 14:11 - 2017-02-09 23:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-03-15 14:11 - 2017-02-09 23:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-03-15 14:11 - 2017-02-09 23:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-03-15 14:11 - 2017-02-09 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2017-03-15 14:11 - 2017-02-09 23:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll

2017-03-15 14:11 - 2017-02-09 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2017-03-15 14:11 - 2017-02-09 23:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2017-03-15 14:11 - 2017-02-09 23:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2017-03-15 14:11 - 2017-02-09 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2017-03-15 14:11 - 2017-02-09 23:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2017-03-15 14:11 - 2017-02-09 23:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2017-03-15 14:11 - 2017-02-09 23:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2017-03-15 14:11 - 2017-02-09 23:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2017-03-15 14:11 - 2017-02-09 23:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2017-03-15 14:11 - 2017-01-14 02:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2017-03-15 14:11 - 2017-01-14 02:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2017-03-15 14:11 - 2017-01-14 01:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2017-03-15 14:11 - 2017-01-14 01:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2017-03-15 14:11 - 2017-01-12 02:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2017-03-15 14:11 - 2017-01-12 01:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2017-03-15 14:11 - 2017-01-07 01:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2017-03-15 14:11 - 2016-12-31 23:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2017-03-15 14:11 - 2016-12-31 23:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2017-03-15 14:11 - 2016-12-31 23:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2017-03-15 14:11 - 2016-12-31 23:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2017-03-15 14:11 - 2016-12-31 23:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2017-03-08 21:02 - 2017-03-08 21:02 - 00000000 ____D C:\Users\Messer\AppData\Local\ESS

2017-03-08 20:24 - 2017-03-08 21:01 - 00000000 ____D C:\Program Files (x86)\Easy Subtitles Synchronizer

2017-03-08 20:24 - 2017-03-08 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Subtitle Synchronizer

2017-03-08 20:04 - 2017-03-08 20:10 - 00099384 _____ C:\Users\Messer\AppData\Roaming\inst.exe

2017-03-08 20:04 - 2017-03-08 20:10 - 00082816 _____ (VSO Software) C:\Users\Messer\AppData\Roaming\pcouffin.sys

2017-03-08 20:04 - 2017-03-08 20:10 - 00007859 _____ C:\Users\Messer\AppData\Roaming\pcouffin.cat

2017-03-08 20:04 - 2017-03-08 20:10 - 00000000 ____D C:\Users\Messer\AppData\Roaming\VSO

2017-03-08 20:04 - 2017-03-08 20:04 - 00000000 ____D C:\Users\Messer\Documents\PcSetup

2017-03-08 20:04 - 2017-03-08 20:04 - 00000000 ____D C:\ProgramData\VSO

2017-03-05 22:50 - 2017-03-05 22:50 - 00000000 ____D C:\Users\Messer\Documents\WonderFox Soft

2017-03-05 22:45 - 2017-03-05 22:45 - 00001377 _____ C:\Users\Messer\Desktop\HD Video Converter Factory.lnk

2017-03-05 22:45 - 2017-03-05 22:45 - 00000000 ____D C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft

2017-03-05 22:44 - 2017-03-05 22:44 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft

2017-03-05 21:25 - 2017-03-07 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

2017-03-05 21:25 - 2017-03-05 21:25 - 00002113 _____ C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\QQ旋风.lnk

2017-03-05 21:25 - 2017-03-05 21:25 - 00000000 ____D C:\Users\Messer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

2017-03-05 21:24 - 2017-03-07 00:49 - 00000000 ____D C:\Program Files (x86)\Tencent

2017-03-05 21:24 - 2017-03-05 21:24 - 00000000 ____D C:\Users\Messer\AppData\Roaming\Tencent

2017-03-05 21:24 - 2017-03-05 21:24 - 00000000 ____D C:\ProgramData\Tencent

2017-03-04 21:10 - 2017-03-27 21:52 - 00000000 ____D C:\Setup

2017-03-03 05:50 - 2017-03-03 05:50 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

2017-03-03 01:13 - 2017-03-26 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2017-03-03 01:05 - 2017-03-03 01:16 - 00001462 _____ C:\Users\Messer\Desktop\Google Drive.lnk

2017-03-03 01:04 - 2017-03-03 01:05 - 00000000 ___RD C:\Google Drive

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 21:15 - 2009-07-14 12:45 - 00031808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-03-27 21:15 - 2009-07-14 12:45 - 00031808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-03-27 21:07 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-03-27 13:47 - 2016-09-24 21:12 - 00000000 __SHD C:\Users\Messer\IntelGraphicsProfiles

2017-03-27 13:45 - 2017-01-04 13:31 - 00000000 ____D C:\Users\Messer\AppData\Local\ElevatedDiagnostics

2017-03-27 01:30 - 2016-11-16 22:23 - 00000000 ____D C:\Users\Messer\AppData\Roaming\vlc

2017-03-18 16:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf

2017-03-17 20:56 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache

2017-03-17 19:02 - 2009-07-14 10:34 - 00000433 _____ C:\Windows\win.ini

2017-03-16 23:52 - 2016-09-25 23:31 - 00000000 ____D C:\Users\Messer\Documents\Custom Office Templates

2017-03-16 14:33 - 2016-11-13 11:58 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-03-16 14:33 - 2016-09-24 23:58 - 00004158 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier

2017-03-16 14:33 - 2016-09-24 23:57 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-03-16 14:33 - 2016-09-24 23:57 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-03-16 14:33 - 2016-09-24 23:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-03-16 14:33 - 2016-09-24 23:57 - 00000000 ____D C:\Windows\system32\Macromed

2017-03-16 14:32 - 2016-09-25 09:17 - 00373802 _____ C:\Windows\system32\prfh0804.dat

2017-03-16 14:32 - 2016-09-25 09:17 - 00119786 _____ C:\Windows\system32\prfc0804.dat

2017-03-16 14:32 - 2011-04-12 22:48 - 00398424 _____ C:\Windows\system32\prfh0404.dat

2017-03-16 14:32 - 2011-04-12 22:48 - 00122338 _____ C:\Windows\system32\prfc0404.dat

2017-03-16 14:32 - 2009-07-14 13:13 - 01797860 _____ C:\Windows\system32\PerfStringBackup.INI

2017-03-16 14:22 - 2016-11-10 16:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-03-16 14:22 - 2016-11-10 16:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-03-16 14:22 - 2009-07-14 12:45 - 00427776 _____ C:\Windows\system32\FNTCACHE.DAT

2017-03-16 00:17 - 2016-09-25 09:10 - 00000000 ___SD C:\Windows\system32\CompatTel

2017-03-16 00:17 - 2016-09-25 09:10 - 00000000 ____D C:\Windows\system32\appraiser

2017-03-16 00:17 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\DVD Maker

2017-03-15 21:05 - 2016-09-25 00:38 - 00000000 ____D C:\Windows\system32\MRT

2017-03-15 21:03 - 2016-09-25 00:38 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-03-15 21:01 - 2016-11-10 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-03-07 17:02 - 2016-09-24 23:59 - 00007678 _____ C:\Users\Messer\AppData\Local\Resmon.ResmonCfg

2017-03-07 16:13 - 2016-11-27 15:55 - 00000000 ____D C:\Users\Messer\AppData\Roaming\BaiduYunKongMing

2017-03-03 12:57 - 2016-09-24 23:51 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1474732285

2017-03-03 12:57 - 2016-09-24 23:47 - 00000000 ____D C:\Program Files (x86)\Opera

2017-03-03 05:50 - 2016-09-25 00:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-03-03 05:50 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2017-03-03 05:49 - 2016-09-25 00:43 - 00000000 ____D C:\Program Files\Microsoft Office

2017-03-03 01:13 - 2016-09-24 20:26 - 00000000 ____D C:\Users\Messer\AppData\Local\Google

2017-03-03 00:56 - 2016-09-24 20:27 - 00000000 ____D C:\Program Files (x86)\Google

2017-03-01 21:08 - 2017-02-18 21:43 - 00000000 ____D C:\Users\Messer\AppData\LocalLow\Baidu

2017-03-01 21:08 - 2016-09-24 22:10 - 00000000 ____D C:\Users\Messer\AppData\Roaming\baidu

==================== Files in the root of some directories =======

2016-09-24 22:20 - 2016-11-20 22:48 - 0000954 _____ () C:\Users\Messer\AppData\Roaming\coreavc.ini

2017-03-08 20:04 - 2017-03-08 20:10 - 0099384 _____ () C:\Users\Messer\AppData\Roaming\inst.exe

2017-03-08 20:04 - 2017-03-08 20:10 - 0007859 _____ () C:\Users\Messer\AppData\Roaming\pcouffin.cat

2017-03-08 20:04 - 2017-03-08 20:10 - 0001167 _____ () C:\Users\Messer\AppData\Roaming\pcouffin.inf

2017-03-08 20:04 - 2017-03-08 20:10 - 0000055 _____ () C:\Users\Messer\AppData\Roaming\pcouffin.log

2017-03-08 20:04 - 2017-03-08 20:10 - 0082816 _____ (VSO Software) C:\Users\Messer\AppData\Roaming\pcouffin.sys

2016-09-24 22:20 - 2016-09-24 22:20 - 0000016 _____ () C:\Users\Messer\AppData\Roaming\qvd.db

2016-09-24 23:59 - 2017-03-07 17:02 - 0007678 _____ () C:\Users\Messer\AppData\Local\Resmon.ResmonCfg

2016-09-25 00:17 - 2016-09-25 00:17 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:

====================

2016-09-24 20:22 - 2016-09-24 20:22 - 0929792 _____ (Microsoft Corporation) C:\Users\Messer\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 22:44

==================== End of FRST.txt ============================

#5
Jr0x

Posted 27 March 2017 - 09:23 AM

Malware removal team

Malware Removal
1,830 posts

Hi Lucy Messer,

MGA Diagnostic Tool

Please run the MGA Diagnostic Tool and post back the report it produces:

Download MGADiag to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

CKScanner

Download CKScanner from here

Important : Save it to your desktop.

Double click (Vista and above - right click and run as Administrator) CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#6
Lucy Messer

Posted 27 March 2017 - 11:54 PM

New Member

Topic Starter
Member
7 posts

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G

Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=

Windows Product ID: 00426-OEM-8992662-00173

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010100.1.0.001

ID: {F78BCC1D-FA59-4E2B-9789-5509F8967A7A}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Ultimate

Architecture: 0x00000009

Build lab: 7601.win7sp1_ldr.170209-0600

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{F78BCC1D-FA59-4E2B-9789-5509F8967A7A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-3218008429-776623121-1360039219</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>B85M-D3V-A</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="7"/><Date>20150806000000.000000+000</Date></BIOS><HWID>365E3707018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0404</SystemLCID><TimeZone>China Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Ultimate edition

Description: Windows Operating System - Windows® 7, OEM_SLP channel

Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00426-00178-926-600173-02-1028-7601.0000-2692016

Installation ID: 004730074223001082936894641300925282154162619510285906

Processor Certificate URL: http://go.microsoft....k/?LinkID=88338

Machine Certificate URL: http://go.microsoft....k/?LinkID=88339

Use License URL: http://go.microsoft....k/?LinkID=88341

Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340

Partial Product Key: VKM6G

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 03/28/2017 13:54:07

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 1:1:2017 20:54

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAln1amehE7GoSRcTe9AHtBsj2

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC ALASKA A M I

FACP ALASKA A M I

HPET ALASKA A M I

MCFG ALASKA A M I

FPDT ALASKA A M I

SSDT PmRef Cpu0Ist

DMAR INTEL HSW

SLIC _ASUS_ Notebook

#7
Lucy Messer

Posted 27 March 2017 - 11:57 PM

New Member

Topic Starter
Member
7 posts

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

c:\setup\windows loader\windows loader 2.2\keys.ini

c:\setup\windows loader\windows loader 2.2\windows loader.exe

c:\windows\autokms\autokms.exe

scanner sequence 3.CP.11.EBAPWZ

----- EOF -----

#8
Jr0x

Posted 28 March 2017 - 09:29 AM

Malware removal team

Malware Removal
1,830 posts

Hi, I'll get back to you soon.

I am verifying some information regarding your log with my colleagues before we proceed.

#9
Lucy Messer

Posted 28 March 2017 - 10:54 AM

New Member

Topic Starter
Member
7 posts

Hi, I'll get back to you soon.

I am verifying some information regarding your log with my colleagues before we proceed.

thank you, please take all the time you need, I'm in no hurry

#10
Jr0x

Posted 28 March 2017 - 12:00 PM

Malware removal team

Malware Removal
1,830 posts

According to G2G Terms of Use under:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

Your Microsoft Windows seem to be pirated and activated via illegal means. I can no longer continue to provide assistance to you.

#11
Lucy Messer

Posted 29 March 2017 - 12:19 AM

New Member

Topic Starter
Member
7 posts

According to G2G Terms of Use under:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

Your Microsoft Windows seem to be pirated and activated via illegal means. I can no longer continue to provide assistance to you.

ok , i suppose you may close the topic