Computer is slow, infected with malware



#1
tingtingz


Hi

 

My computer starts up slow. I wanted to run a malware scan with Malwarebytes but it won't run. I tried to install a newer version of Malwarebytes but it would not install because of the outdated Malwarebytes I have on my laptop. I can't uninstall the outdated Malwarebytes because an error pops up saying File C:\Program Files(x86)\Malwarebytes Anti-Malware\unins000.dat does not exist. Cannot uninstall. I downloaded and installed Bitdefender antivirus to do a malware scan. 6 threats were found. Three of the threats found are:

 

Adware.Linury.AU. Path: C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exe. 

Adware.Linury.AM. Path: C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\evwnb.dll, 

Application.Generic.1517753 Path: C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\nbouwe.dll.

 

What should I do with these threats? Sometimes when I restart my laptop I get a pop-up at startup asking for access from the file C:\windows\system32\MRT.exe. Should I allow it? Thank you.

 

Here are my scan logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by TingTing (administrator) on WINDOWS-I6D372C (Dell Inc. Inspiron 5547) (15-12-2019 14:04:17)
Running from C:\Users\TingTing\Downloads
Loaded Profiles: TingTing (Available Profiles: TingTing)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7825720 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MRT] => C:\windows\system32\MRT.exe [128443096 2019-11-17] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [TouchFreeze] => C:\Users\TingTing\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] () [File not signed]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Sortware\Policies\...\system: [DisableCMD] 0
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: D - "D:\setup.exe" 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {22fa2faf-8bde-11e7-82e1-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {61380f82-c0c8-11e4-825d-a08869820531} - "D:\setup.exe" 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {896efc2d-f5b5-11e6-82ce-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-15] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C038BE4-52C3-41DD-B5BD-51C24D8F8AAA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0F3E797A-6B3E-46A7-88F6-DC1DE3EEE62A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1732AA69-2928-4EBA-899C-516A81AA3506} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C74E863-9DF3-4A95-A19B-5E21449933D9} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {5209B56C-211A-48FF-8B16-FA8F7961AB32} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5942E666-3F3C-45DA-8CAB-F1B8D27AB421} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {5A4EE116-098D-4AA6-90F8-898F6D260D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {5A66E741-8261-43C5-8027-1CB7AD0D4734} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {5CDAD16E-0A7F-4C93-ADF4-C4FA586A4D02} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6E92995C-D2EA-47AD-9D35-786C57AF3ECF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {923C2E1C-2FBC-4811-ABDB-BB9D627B412A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {968B3171-F356-4241-8378-8C11069595DD} - System32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883} => C:\windows\system32\pcalua.exe -a C:\Users\TingTing\AppData\Local\Apps\2.0\JANXRR7K.4JB\BLE8T11W.5R4\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\Uninstaller.exe -c uninstall
Task: {A15EB976-7A15-4C27-8B8A-79EA7350DA03} - System32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8} => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: {A43D367F-FAEB-41A7-9D5C-27C880684A85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
Task: {A6C80B7D-86D1-46D4-8D79-F36C8AE68999} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AEE99547-62D3-471C-AE1E-12C94F8054D8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {BB3B081F-73AD-4AE7-A3B5-55E7C9465B3C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-14] (Adobe Inc. -> Adobe)
Task: {CD9384C4-1501-4AD3-8CF9-DAB04B50AF4F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-14] (Adobe Inc. -> Adobe)
Task: {EF43AF7F-5E29-457A-BBF5-D18F7D16EC5A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCD881F4-F2B4-40F7-A2B8-E9E30E8D3978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D93A623-DC57-476A-A086-3E85E64CB79D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582494831&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582797841&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-688974935-4124263328-645016171-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: pecg5pgj.default
FF ProfilePath: C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default [2019-12-14]
FF NetworkProxy: Mozilla\Firefox\Profiles\pecg5pgj.default -> autoconfig_url", "data:text/javascript,[URL-encoded proxy auto-config script removed]
%20%20%2F%5E%5C%2Fgslb%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.live.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fcrossdomain%5C.xml%24%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'static.itv.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ip.apps.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fjs%5C%2Fplayer%5C.do%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vdn.apps.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%5C%2Fget%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vdn.live.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv5%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv6%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv8%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdbtv6%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vip.sports.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fcheck%5C.do%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fplay%5C.do%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fservlets%5C%2Fencryptvideopath%5C.do%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'211.151.157.15'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fshow_page%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.soku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fsearch_video%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'douban.fm'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'lixian.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'lixian.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'dynamic.cloud.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2
C%0A%20%20%20%20'cloud.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.iqiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fdongman%5C%2F%24%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.105'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.119'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.146'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.156'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.6'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.101'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.102'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.103'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.157'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.159'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.126.32.134'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.75'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.76'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.77'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.104'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.36'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.37'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.38'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206
.208.61'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.62'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.163'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.164'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.166'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.145'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.146'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.147'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.148'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.129'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.130'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.131'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'220.181.153.113'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.32'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.26'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.25'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.22'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.22'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.21'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.25'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.32'%3A%20%5B%0A%20%20%20%20%20%2
0%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.51'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.50'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.54'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.53'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.52'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.63.51'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.63.93'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbuy%5C%2Fredirect%5C.html%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.tudou.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbuy%5C%2Fredirect%5C.html%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'aid.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fuserip%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'aidbak.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fuserip%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fpaylimit%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'paybak.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fpaylimit%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'chrome.2345.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fdianhua%5C%2Findex%5C.php%5C%3Fm%3Dcall%26f%3Dcheck%26%2Fi%0A%20%20%20%20%5D%0A%20%20%7D%0A%7D%3B%0Avar%20_https_map%20%3D%20%7B%0A%20%20'white'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%5D%0A%20%20%7D%2C%0A%20%20'proxy'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%5D%0A%20%20%7D%0A%7D%3B%0Avar%20_proxy_str%20%3D%20'HTTPS%20secure.uku.im%3A993%3B%20HTTPS%20proxy.mainland.io%3A993%3B%20DIRECT%3B'%3B%0A%0Afunction%20_check_regex_list(regex_list%2C%20str)%
20%7B%0A%20%20var%20i%3B%0A%20%20for%20(i%20%3D%200%3B%20i%20%3C%20regex_list.length%3B%20i%2B%2B)%0A%20%20%20%20if%20(regex_list%5Bi%5D.test(str))%0A%20%20%20%20%20%20return%20true%3B%0A%20%20return%20false%3B%0A%7D%0A%0Afunction%20_check_patterns(patterns%2C%20hostname%2C%20full_url%2C%20prot_len)%20%7B%0A%20%20if%20(patterns.hasOwnProperty(hostname))%0A%20%20%20%20if%20(_check_regex_list(patterns%5Bhostname%5D%2C%0A%20%20%20%20%20%20%20%20full_url.slice(prot_len%20%2B%20hostname.length)))%0A%20%20%20%20%20%20return%20true%3B%0A%20%20if%20(_check_regex_list(patterns.any%2C%0A%20%20%20%20%20%20full_url.slice(prot_len)))%0A%20%20%20%20return%20true%3B%0A%20%20return%20false%3B%0A%7D%0A%0Afunction%20_find_proxy(url_map%2C%20host%2C%20url%2C%20prot_len)%20%7B%0A%20%20if%20(_check_patterns(url_map.white%2C%20host%2C%20url%2C%20prot_len))%0A%20%20%20%20%20%20return%20'DIRECT'%3B%0A%20%20if%20(_check_patterns(url_map.proxy%2C%20host%2C%20url%2C%20prot_len))%0A%20%20%20%20return%20_proxy_str%3B%0A%20%20return%20'DIRECT'%3B%0A%7D%0A%0Afunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%20%20var%20prot%20%3D%20url.slice(0%2C%206)%3B%0A%20%20if%20(prot%20%3D%3D%3D%20'http%3A%2F')%0A%20%20%20%20return%20_find_proxy(_http_map%2C%20host%2C%20url%2C%207)%3B%0A%20%20else%20if%20(prot%20%3D%3D%3D%20'https%3A')%0A%20%20%20%20return%20_find_proxy(_https_map%2C%20host%2C%20url%2C%208)%3B%0A%20%20return%20'DIRECT'%3B%0A%7D%0A"
FF Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\[email protected] [2016-03-08] [Legacy]
FF Extension: (Search Manager) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23} [2019-12-14] [hxxps://qupotomu.com/update?x=restype=ffjson]
FF Extension: (Adblock Plus) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-25] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @citrixonline.com/appdetectorplugin -> C:\Users\TingTing\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online -> Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Notifications: Default -> hxxps://voice.google.com
CHR Profile: C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR Extension: (Google Drive) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-15]
CHR Extension: (Sketchpad) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-12-27]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2015-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-04-10]
CHR Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2019-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-15]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TingTing\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-04-06]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink Corp. -> CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Techporch Incorporated -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [143664 2015-11-24] (Samsung Electronics CO., LTD. -> )
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (Dell Inc. -> SoftThinks SAS)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S2 TBSecSvc; "C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe" [X]
S2 wwbizsrv; "C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdiommu; C:\windows\System32\drivers\amdkiomd.sys [76800 2014-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 atc; C:\windows\System32\DRIVERS\atc.sys [1693368 2019-09-23] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
S3 bcmfn2; C:\windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [739024 2019-11-13] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellProf; C:\windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 edrsensor; C:\windows\System32\DRIVERS\edrsensor.sys [309144 2019-10-30] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [564136 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\windows\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 iaLPSS_GPIO; C:\windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\windows\system32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [3667424 2013-10-14] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 SynRMIHID; C:\windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\windows\System32\drivers\trufos.sys [637112 2019-10-22] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-03-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 noerefua; \??\C:\windows\system32\drivers\noerefua.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-15 14:04 - 2019-12-15 14:36 - 000058392 _____ C:\Users\TingTing\Downloads\FRST.txt
2019-12-15 14:01 - 2019-12-15 14:31 - 000000000 ____D C:\FRST
2019-12-15 14:00 - 2019-12-15 14:00 - 002264064 _____ (Farbar) C:\Users\TingTing\Downloads\FRST64.exe
2019-12-15 13:01 - 2019-12-15 13:01 - 000075180 _____ C:\ProgramData\agent.update.1576432854.bdinstall.v2.bin
2019-12-15 01:37 - 2019-12-15 01:37 - 000000000 ____D C:\ProgramData\dbg
2019-12-15 01:32 - 2019-12-15 01:32 - 000001137 _____ C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-12-15 01:32 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\windows\system32\Drivers\bdelam.sys
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Bitdefender
2019-12-15 01:30 - 2019-10-30 08:45 - 000309144 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\edrsensor.sys
2019-12-15 01:30 - 2019-10-22 12:38 - 000637112 _____ (Bitdefender) C:\windows\system32\Drivers\trufos.sys
2019-12-15 01:30 - 2018-11-28 05:45 - 000188384 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2019-12-15 01:29 - 2019-11-18 19:08 - 000564136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\gemma.sys
2019-12-15 01:29 - 2019-11-13 17:32 - 000739024 _____ (Bitdefender) C:\windows\system32\Drivers\bddci.sys
2019-12-15 01:29 - 2019-09-23 09:43 - 001693368 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\atc.sys
2019-12-15 01:15 - 2019-12-15 14:41 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-12-15 01:15 - 2019-12-15 13:03 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-12-15 01:13 - 2019-12-15 13:01 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-12-15 01:13 - 2019-12-15 01:13 - 010527368 _____ C:\Users\TingTing\Downloads\bitdefender_online.exe
2019-12-15 01:13 - 2019-12-15 01:13 - 000103340 _____ C:\ProgramData\agent.1576390404.bdinstall.v2.bin
2019-12-15 01:13 - 2019-12-15 01:13 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-12-15 00:28 - 2019-12-15 00:28 - 000000000 ____D C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0
2019-12-15 00:26 - 2019-12-15 00:26 - 006705178 _____ C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0.zip
2019-12-15 00:24 - 2019-12-15 00:25 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523 (1).exe
2019-12-14 23:37 - 2019-12-14 23:38 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523.exe
2019-12-14 19:35 - 2019-12-14 19:35 - 000000000 ____D C:\Users\TingTing\AppData\Local\cache
2019-12-14 19:31 - 2019-12-14 19:31 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbamtray
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbam
2019-12-11 22:21 - 2019-12-11 22:21 - 000000000 ____D C:\ProgramData\MB2Migration
2019-12-11 21:46 - 2019-12-11 21:46 - 000000000 ____D C:\ProgramData\UniqueId
2019-12-11 21:43 - 2019-12-11 21:43 - 000000000 ____D C:\windows\SysWOW64\htqs
2019-12-11 21:42 - 2019-12-11 21:42 - 000000300 _____ C:\Users\TingTing\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2019-12-11 21:33 - 2019-12-11 21:33 - 000000000 ____D C:\ProgramData\ByteFence
2019-12-11 21:28 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\Nox_share
2019-12-11 21:27 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\vmlogs
2019-12-11 21:26 - 2019-12-11 23:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\chromium
2019-12-11 21:26 - 2019-12-11 21:44 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-12-11 21:25 - 2019-12-11 21:43 - 000000000 ____D C:\Program Files (x86)\Nox
2019-12-11 21:22 - 2019-12-14 23:55 - 000000000 ____D C:\Users\TingTing\AppData\Local\Nox
2019-12-11 21:09 - 2019-12-11 21:09 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com (1).apk
2019-12-11 21:08 - 2019-12-11 21:08 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com.apk
2019-12-11 20:05 - 2019-12-11 21:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\BlueStacks
2019-12-11 20:05 - 2019-12-11 20:07 - 000000000 ____D C:\Users\Public\BlueStacks
2019-12-06 19:57 - 2019-12-06 19:57 - 000920635 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (2).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920634 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (1).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920532 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-17 (1).pdf
2019-12-06 19:53 - 2019-12-06 19:53 - 000915618 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-10-05.pdf
2019-12-06 19:50 - 2019-12-06 19:50 - 000915393 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-09-05.pdf
2019-12-06 19:47 - 2019-12-06 19:47 - 000914738 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05 (1).pdf
2019-12-06 19:34 - 2019-12-06 19:34 - 000914979 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-08-05.pdf
2019-12-06 19:33 - 2019-12-06 19:33 - 000914892 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-07-05.pdf
2019-12-06 19:16 - 2019-12-06 19:16 - 000914650 _____ C:\Users\TingTing\Downloads\View PDF Statement_2018-12-05 (1).pdf
2019-12-06 19:14 - 2019-12-06 19:14 - 000914759 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05 (1).pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000920071 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-05.pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000914862 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-01-05.pdf
2019-12-06 19:09 - 2019-12-06 19:09 - 000914850 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-12-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05 (1).pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914765 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05.pdf
2019-12-06 19:00 - 2019-12-06 19:00 - 000915508 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-06-05.pdf
2019-12-06 18:59 - 2019-12-06 18:59 - 000914737 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05.pdf
2019-12-06 16:46 - 2019-12-06 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-12-04 20:23 - 2019-12-04 20:23 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2019-12-03 01:55 - 2019-12-03 01:55 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310 (1).pdf
2019-12-03 01:54 - 2019-12-03 01:54 - 000285878 _____ C:\Users\TingTing\Downloads\120213132301308309.pdf
2019-12-03 01:52 - 2019-12-03 01:52 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311 (1).pdf
2019-12-03 01:29 - 2019-12-03 01:29 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310.pdf
2019-12-02 23:47 - 2019-12-02 23:47 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311.pdf
2019-11-28 01:37 - 2019-11-28 01:37 - 000920367 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-11-17.pdf
2019-11-21 20:06 - 2019-11-21 20:06 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814 (1).mov
2019-11-17 22:09 - 2019-11-17 22:09 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814.mov
2019-11-15 18:20 - 2019-11-15 18:20 - 000915661 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-11-05.pdf
2019-11-15 16:24 - 2019-10-27 22:20 - 000121040 _____ (Microsoft Corporation) C:\windows\system32\userenv.dll
2019-11-15 16:24 - 2019-10-27 21:40 - 000098296 _____ (Microsoft Corporation) C:\windows\SysWOW64\userenv.dll
2019-11-15 16:24 - 2019-10-25 02:54 - 001208320 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2019-11-15 16:24 - 2019-10-23 23:07 - 025753088 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-11-15 16:24 - 2019-10-23 22:43 - 002910720 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-11-15 16:24 - 2019-10-23 22:41 - 000580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-11-15 16:24 - 2019-10-23 22:30 - 000797184 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-11-15 16:24 - 2019-10-23 22:29 - 005500928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-11-15 16:24 - 2019-10-23 22:23 - 020290048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-11-15 16:24 - 2019-10-23 22:08 - 000496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-11-15 16:24 - 2019-10-23 22:04 - 002304000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-11-15 16:24 - 2019-10-23 22:01 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2019-11-15 16:24 - 2019-10-23 21:58 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-11-15 16:24 - 2019-10-23 21:55 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-11-15 16:24 - 2019-10-23 21:53 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-11-15 16:24 - 2019-10-23 21:53 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-11-15 16:24 - 2019-10-23 21:53 - 000381952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-11-15 16:24 - 2019-10-23 21:51 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-11-15 16:24 - 2019-10-23 21:47 - 015445504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-11-15 16:24 - 2019-10-23 21:39 - 004859392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-11-15 16:24 - 2019-10-23 21:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2019-11-15 16:24 - 2019-10-23 21:35 - 004112384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-11-15 16:24 - 2019-10-23 21:33 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-11-15 16:24 - 2019-10-23 21:32 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-11-15 16:24 - 2019-10-23 21:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-11-15 16:24 - 2019-10-23 21:32 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-11-15 16:24 - 2019-10-23 21:28 - 001566720 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-11-15 16:24 - 2019-10-23 21:27 - 013838336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-11-15 16:24 - 2019-10-23 21:17 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-11-15 16:24 - 2019-10-23 21:13 - 004387840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-11-15 16:24 - 2019-10-23 21:10 - 001331712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-11-15 16:24 - 2019-10-23 21:09 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-11-15 16:24 - 2019-10-21 23:29 - 001541352 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2019-11-15 16:24 - 2019-10-21 19:42 - 001376768 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2019-11-15 16:24 - 2019-10-16 21:43 - 001368800 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-11-15 16:24 - 2019-10-16 19:53 - 001085440 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-11-15 16:24 - 2019-10-15 04:03 - 001311768 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-11-15 16:24 - 2019-10-15 01:15 - 007363536 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-11-15 16:24 - 2019-10-15 00:55 - 001308256 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-11-15 16:24 - 2019-10-15 00:54 - 000355576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2019-11-15 16:24 - 2019-10-14 22:48 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-11-15 16:24 - 2019-10-14 22:24 - 000129024 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2019-11-15 16:24 - 2019-10-14 22:08 - 001040384 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-11-15 16:24 - 2019-10-14 21:56 - 001994240 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2019-11-15 16:24 - 2019-10-14 21:47 - 001384960 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2019-11-15 16:24 - 2019-10-14 21:28 - 001560064 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2019-11-15 16:24 - 2019-10-14 21:27 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-11-15 16:24 - 2019-10-14 21:17 - 000827392 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2019-11-15 16:24 - 2019-10-11 11:29 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\upnpcont.exe
2019-11-15 16:24 - 2019-10-11 11:17 - 000067584 _____ (Microsoft Corporation) C:\windows\system32\udhisapi.dll
2019-11-15 16:24 - 2019-10-11 10:45 - 000022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\upnpcont.exe
2019-11-15 16:24 - 2019-10-11 10:37 - 000058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\udhisapi.dll
2019-11-15 16:24 - 2019-10-11 10:17 - 000458752 _____ (Microsoft Corporation) C:\windows\system32\upnphost.dll
2019-11-15 16:24 - 2019-10-11 09:59 - 000332288 _____ (Microsoft Corporation) C:\windows\SysWOW64\upnphost.dll
2019-11-15 16:24 - 2019-10-10 23:53 - 000430840 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-11-15 16:24 - 2019-10-10 22:56 - 000320248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-11-15 16:24 - 2019-10-10 21:36 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-11-15 16:24 - 2019-10-10 21:08 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-11-15 16:24 - 2019-10-10 21:02 - 000840704 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2019-11-15 16:24 - 2019-10-10 20:44 - 000697344 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2019-11-15 16:24 - 2019-10-10 20:28 - 000605184 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2019-11-15 16:24 - 2019-10-10 20:23 - 000565760 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2019-11-15 16:24 - 2019-10-10 17:35 - 000374000 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2019-11-15 16:24 - 2019-10-10 17:32 - 000316144 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2019-11-15 16:24 - 2019-10-10 11:20 - 000044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2019-11-15 16:24 - 2019-10-10 10:50 - 000035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2019-11-15 16:24 - 2019-10-09 14:38 - 000470256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2019-11-15 16:24 - 2019-10-09 08:35 - 000111616 _____ (Microsoft Corporation) C:\windows\system32\AxInstSv.dll
2019-11-15 16:24 - 2019-10-04 08:35 - 000929280 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2019-11-15 16:24 - 2019-10-04 08:18 - 001312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-11-15 16:24 - 2019-09-27 12:53 - 003325440 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-11-15 16:24 - 2019-09-27 11:52 - 002779648 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2019-11-15 16:24 - 2019-09-27 11:50 - 003619328 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-11-15 16:24 - 2019-09-27 11:07 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2019-11-15 16:24 - 2019-09-25 07:34 - 000162392 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2019-11-15 16:24 - 2019-09-24 23:18 - 002863104 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2019-11-15 16:24 - 2019-09-24 23:18 - 001717760 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000802816 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000738816 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000634368 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000456704 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000315904 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000257024 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2019-11-15 16:24 - 2019-09-19 01:21 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\setupcl.exe
2019-11-15 16:24 - 2019-09-19 01:11 - 000229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2019-11-15 16:24 - 2019-09-19 01:10 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\spopk.dll
2019-11-15 16:24 - 2019-09-19 01:00 - 000169472 _____ (Microsoft Corporation) C:\windows\system32\uxlib.dll
2019-11-15 16:24 - 2019-09-19 00:59 - 000246784 _____ (Microsoft Corporation) C:\windows\system32\unattend.dll
2019-11-15 16:24 - 2019-09-19 00:48 - 000475648 _____ (Microsoft Corporation) C:\windows\system32\spwizeng.dll
2019-11-15 16:24 - 2019-09-19 00:26 - 000848896 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2019-11-15 16:24 - 2019-09-19 00:20 - 000333312 _____ (Microsoft Corporation) C:\windows\system32\winsku.dll
2019-11-15 16:24 - 2019-09-19 00:16 - 000712192 _____ (Microsoft Corporation) C:\windows\system32\DismApi.dll
2019-11-15 16:24 - 2019-09-18 22:26 - 000469504 _____ (Microsoft Corporation) C:\windows\SysWOW64\DismApi.dll
2019-11-15 16:24 - 2019-09-18 22:26 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsku.dll
2019-11-15 16:24 - 2019-09-12 17:46 - 000017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\spopk.dll
2019-11-15 16:24 - 2019-09-12 17:36 - 000126464 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxlib.dll
2019-11-15 16:24 - 2019-09-12 17:25 - 000380928 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwizeng.dll
2019-11-15 16:24 - 2019-09-10 16:34 - 000354544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys
2019-11-15 16:24 - 2019-09-07 10:18 - 015441408 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2019-11-15 16:24 - 2019-09-07 10:09 - 013321728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2019-11-15 16:24 - 2019-09-06 08:17 - 000249856 _____ (Gracenote, Inc.) C:\windows\SysWOW64\gnsdk_fp.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-15 14:43 - 2016-04-06 17:56 - 000000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-12-15 14:31 - 2013-08-22 10:20 - 000000000 ____D C:\windows\CbsTemp
2019-12-15 14:00 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2019-12-15 13:55 - 2016-05-25 17:44 - 000000510 _____ C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job
2019-12-15 13:22 - 2015-05-01 20:37 - 000000000 ____D C:\Users\TingTing\AppData\Local\AutoSoftware
2019-12-15 13:05 - 2014-12-09 11:39 - 000003594 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-1001
2019-12-15 13:02 - 2014-12-14 03:03 - 000000000 ___DO C:\Users\TingTing\OneDrive
2019-12-15 13:02 - 2014-12-03 13:28 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-12-15 13:00 - 2016-04-06 17:56 - 000000940 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-12-15 13:00 - 2014-12-03 13:29 - 000000000 ____D C:\Temp
2019-12-15 12:59 - 2014-12-09 11:32 - 000000000 ____D C:\Users\TingTing
2019-12-15 12:56 - 2013-08-22 09:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-12-15 12:54 - 2014-12-09 11:36 - 000003966 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{9A7551FE-9855-4686-A2BC-4B9D5579A332}
2019-12-15 12:52 - 2015-03-03 01:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-12-15 01:32 - 2013-08-22 10:36 - 000000000 ___HD C:\windows\ELAMBKUP
2019-12-15 01:17 - 2013-08-22 08:36 - 000000000 ____D C:\windows\Inf
2019-12-15 01:10 - 2018-06-19 18:58 - 000000000 ____D C:\Users\TingTing\AppData\Local\AVAST Software
2019-12-15 01:02 - 2013-08-22 09:44 - 005151896 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-15 00:59 - 2015-05-01 22:32 - 000140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2019-12-15 00:54 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-12-15 00:21 - 2015-02-09 09:54 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 23:57 - 2014-12-03 12:54 - 000866884 _____ C:\windows\system32\PerfStringBackup.INI
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2014-12-16 01:54 - 000000000 ___SD C:\windows\system32\CompatTel
2019-12-14 23:55 - 2014-12-03 13:14 - 000000000 ___HD C:\windows\system32\WLANProfiles
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 __RSD C:\windows\Media
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\rescache
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\PolicyDefinitions
2019-12-14 23:53 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-14 23:51 - 2013-08-22 10:36 - 000000000 ____D C:\windows\registration
2019-12-14 23:50 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Sysprep
2019-12-14 23:48 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-14 23:47 - 2015-03-03 01:32 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-14 23:44 - 2015-03-03 01:32 - 000000000 __RHD C:\MSOCache
2019-12-14 23:17 - 2019-09-20 13:07 - 000000000 ____D C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2019-12-14 23:17 - 2019-09-20 13:06 - 000000000 ____D C:\Users\TingTing\AppData\Local\Vysor
2019-12-14 23:16 - 2015-05-21 06:45 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-14 23:15 - 2019-09-20 06:24 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2019-12-14 23:13 - 2014-12-09 11:41 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-14 23:10 - 2015-02-09 09:52 - 000003334 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 23:10 - 2015-02-09 09:52 - 000003206 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 23:05 - 2018-03-13 06:05 - 000004482 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-14 23:05 - 2014-12-14 03:50 - 000004288 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Macromed
2019-12-12 01:15 - 2016-11-16 14:34 - 000000000 ____D C:\Users\TingTing\Saved Documents
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-12-08 23:25 - 2019-10-01 15:55 - 000003446 _____ C:\windows\system32\Tasks\AdobeGCInvoker-1.0
2019-12-08 23:25 - 2018-02-20 18:59 - 000003492 _____ C:\windows\system32\Tasks\Motorola Device Manager Update
2019-12-08 23:25 - 2018-02-20 18:59 - 000003300 _____ C:\windows\system32\Tasks\Motorola Device Manager Initial Update
2019-12-08 23:25 - 2017-09-25 02:47 - 000003314 _____ C:\windows\system32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883}
2019-12-08 23:25 - 2016-05-25 17:44 - 000003578 _____ C:\windows\system32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}
2019-12-08 23:25 - 2016-04-06 17:56 - 000003916 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineUA
2019-12-08 23:25 - 2016-04-06 17:56 - 000003680 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineCore
2019-12-08 23:25 - 2015-05-21 06:46 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-08 23:25 - 2015-04-23 16:32 - 000002990 _____ C:\windows\system32\Tasks\Synaptics TouchPad Enhancements
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLVDLauncher
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLMLSvc_P2G8
2019-12-08 23:25 - 2014-12-03 12:53 - 000003592 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-500
2019-12-06 16:46 - 2016-04-06 17:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-12-06 03:26 - 2014-12-09 11:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\Packages
2019-11-18 23:25 - 2014-12-16 01:54 - 000000000 ____D C:\windows\system32\appraiser
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Dism
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\oobe
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Dism
2019-11-17 01:06 - 2014-12-12 14:02 - 000000000 ____D C:\windows\system32\MRT
2019-11-17 00:58 - 2014-12-12 14:02 - 128443096 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2018-10-03 14:04 - 2018-10-03 14:04 - 000000000 _____ () C:\Users\TingTing\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-12-06 04:33
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by TingTing (15-12-2019 14:50:56)
Running from C:\Users\TingTing\Downloads
Windows 8.1 (Update) (X64) (2014-12-09 16:33:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-688974935-4124263328-645016171-500 - Administrator - Disabled)
Guest (S-1-5-21-688974935-4124263328-645016171-501 - Limited - Disabled)
TingTing (S-1-5-21-688974935-4124263328-645016171-1001 - Administrator - Enabled) => C:\Users\TingTing
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.0.294 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.16.146 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Version: 2.3 - Bibliotheca)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 86.4.146 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.10 - NCH Software)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Premiere Pro (HKLM\...\{3DF5A448-80E1-43C1-8428-984429451989}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
 
Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-12-09] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2016-04-01] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-21] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-06] (Microsoft Corporation) [MS Ad]
Windows Phone -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe [2016-09-21] (Microsoft Corporation)
阿里旺旺 -> C:\Program Files\WindowsApps\E1354D8C.Win8_1.0.0.122_x64__97d7ef5pp7jwp [2017-11-09] (淘宝(中国)软件有限公司)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\8.60.00C\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_243.dll [2016-04-06] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\TingTing\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
 
==================== Loaded Modules (Whitelisted) =============
 
2014-04-07 09:31 - 2014-04-07 09:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-30 03:59 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2015-11-30 03:59 - 2013-03-08 01:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000523264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000297984 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2014-12-03 13:27 - 2014-12-03 13:27 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2014-12-03 13:27 - 2014-12-03 13:27 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxp://taobao.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2019-04-21 18:53 - 000000954 _____ C:\windows\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
 
2019-09-07 21:43 - 2019-09-07 21:45 - 000000505 _____ C:\windows\system32\drivers\etc\hosts.ics
192.168.173.102 LGwebOSTV.mshome.net # 2019 9 0 15 2 45 27 275
192.168.173.1 WINDOWS-I6D372C.mshome.net # 2024 9 5 6 2 45 27 275
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "TouchFreeze"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_6107A7CB8A14159DCCA158AAEFDFA448"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{49D90B04-64A3-41F6-A70F-ED16FF3D6CA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B68D3207-EC40-4C54-8C3B-718AE104F278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{BBCB6CD5-3509-42A8-9918-62BEE4209C94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1FE8FD99-83E6-4129-8773-5F20E308FAC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C4367F37-E76B-4941-8FC0-FC5CEED10BE8}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{6638E8B8-1036-4031-8B6F-650CAB70D1FD}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E31E9C85-873F-4D0C-83CE-FA94AA349B3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4089887D-33B8-4A2A-8A3C-C0F228BDBCDE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9BFF5F3-7122-4FF1-9CE1-AD76D141061A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{104D209A-8D3D-4132-9978-9CA7743B80F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66D9F0F6-5B44-4AE3-9356-9FD6DC569137}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{918F0954-EF53-41E1-80D8-BC191F503554}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{B13A5F35-12DA-4A0F-B000-208E6A10DE80}] => (Allow) LPort=1689
FirewallRules: [{0B0F34E3-5368-4608-BD47-EF1D1A093D52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EF7C036-CDF7-44C6-B577-B03AF114B31A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18F36E45-D382-49E5-A899-5AA417770778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4ED90D7-9406-4B73-9EFF-EF740F6B22DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF2716B0-FD60-4384-9B9B-E6819DBFEBE0}] => (Allow) C:\windows\downloader.exe No File
FirewallRules: [TCP Query User{74B7F942-FBE0-4230-93F8-476DD1E2C9AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{553C75ED-F846-4462-B18D-B0782772C64C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{693B36B2-FF91-457B-AD50-2C1B467BFCAF}] => (Allow) C:\windows\downloader.exe No File
FirewallRules: [{956A7DE6-C628-4A4C-8DDE-0150522EEB5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{F7E089A2-9916-4A34-816F-C795D515B5A7}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{45681DC8-8907-47A7-910D-D3668F26FB69}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{C18E7762-B9FC-4ACF-BBE9-E74A4705BED1}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{AFFB9AF7-2C9A-4AEF-8A9D-2D3288CC7BEC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{BFA314FA-CCB4-4054-89CF-29881ECBBA8C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{FCA6E85D-9087-4D55-B57D-5ED3EBBB0922}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{A80788E9-EF9B-4BFF-A898-A4E130211A8D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{79E13EB7-1031-4971-8AF8-39A787587685}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{7DE37AAF-2AE6-4B93-A127-D696D2E1FE69}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{24ADB8DA-9C1E-4F7B-A59F-F643752BC580}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{3B4E993C-0FF0-457B-BBBF-180F616E26E2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{9012D8B5-6223-4E39-972B-4D731725060A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{6BBFA05F-8294-43DF-AF55-939C70401380}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{88DC5A35-4978-44BC-9326-C5B034383470}] => (Allow) LPort=1689
FirewallRules: [{384983BB-5071-4C74-82CD-F4B4CF0EF961}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AF5BC9-97F1-4638-B737-05362A4E05D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{907E0216-27DB-407B-AE75-696DE11F8A54}] => (Allow) LPort=54925
FirewallRules: [{6DD70BA7-1083-469B-A766-604500BD643E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{42DC6C5E-AF62-4097-B6B8-296DE8C07163}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{11311FF4-7DE6-47F6-87B7-011FA26A5711}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [{A3D7C7C9-12F4-46E2-8B40-A70237FF9183}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [{9D8C616E-441C-4251-9B5B-C031BFE6FDC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EA7E19AC-E0BF-48E1-8FEB-BE0B385BDA73}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE6EBDD5-24A0-44BE-9A89-4C3CB760BDEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84B667A0-7CD9-47CE-BFB7-8E926F66F69D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95326A45-F842-4689-B457-EBCD1C72EEE1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23E563BA-9FAD-4923-92A4-CFF19A24EF36}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1E87FD3B-A442-4A6C-AE0C-B3FFE8D52B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4891DB9-CE90-47C6-B12D-931B899D8AF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{576A8F9D-FB9E-4EA6-9D41-0DD6F9C42DF1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F127DE4B-845A-46D2-930B-7756F43E7BE1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{53F55195-7D3B-4260-B3F3-1368A343F77F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{AD42F5F4-F3A5-46E3-9CFD-F26EDED5AC3F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{32C3E2C5-C22F-479E-A797-E2439204088A}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{9391D705-A70F-4DC0-A416-7AE8A11ED497}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{588F2F55-2701-4BC1-95C8-00DF7CA4AE50}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{286A4846-157D-4689-B11D-5C2079080FF6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD11D334-EEEE-4EEF-A300-527143F38446}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D181722F-FBA2-42D9-8D01-632D40ACAB8B}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{CB2F021C-B93B-4E86-8D85-D81C99103321}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0795448A-A114-4F79-8FD4-9F206F657D15}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{151C48F0-CAB9-4E41-B7FE-B0BD50141C44}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [{C967309A-0DF1-4868-83D9-82E2D65B6B07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{43C467D7-4CE2-429A-BD8F-4D919A9C2A47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
23-11-2019 19:14:31 Scheduled Checkpoint
30-11-2019 23:04:35 Scheduled Checkpoint
08-12-2019 23:42:27 Scheduled Checkpoint
11-12-2019 21:59:33 Removed WinZip 24.0.
14-12-2019 23:13:37 Removed LG United Mobile Drivers.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/15/2019 02:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dfc
 
Start Time: 01d5b37d97bc4272
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 8cb84ad8-1f71-11ea-8335-6057185e76ac
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/15/2019 02:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1190
 
Start Time: 01d5b37b6bab5c30
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5c7283e4-1f6f-11ea-8335-6057185e76ac
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/15/2019 02:02:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1444
 
Start Time: 01d5b379637a1abc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 58592bb1-1f6d-11ea-8335-6057185e76ac
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/15/2019 12:47:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: ContextualComm.dll, version: 1.0.16.145, time stamp: 0x5df134b5
Exception code: 0xc0000005
Fault offset: 0x00000000000052f3
Faulting process id: 0x884
Faulting application start time: 0x01d5b3105399ca6c
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: C:\Program Files\Bitdefender Antivirus Free\ContextualComm.dll
Report Id: ef841489-1f62-11ea-8334-6057185e76ac
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2609
 
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2609
 
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/15/2019 04:45:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
 
 
System errors:
=============
Error: (12/15/2019 12:57:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wwbizsrv service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/15/2019 12:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBSecSvc service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/15/2019 12:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/15/2019 12:57:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/15/2019 12:57:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (12/15/2019 12:56:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:07:09 AM on ‎12/‎15/‎2019 was unexpected.
 
Error: (12/15/2019 01:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wwbizsrv service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/15/2019 01:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBSecSvc service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
===================================
Date: 2015-04-22 13:28:05.791
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004005
Error description: Unspecified error 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2015-04-22 13:23:20.424
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2018-10-02 19:44:44.333
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:43.849
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:43.404
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:42.924
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:42.337
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:41.836
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:41.488
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-10-02 19:44:41.105
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A07 01/23/2015
Motherboard: Dell Inc. 0598GM
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 12168.96 MB
Available physical RAM: 6052.91 MB
Total Virtual: 19592.96 MB
Available Virtual: 13194.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.48 GB) (Free:578.55 GB) NTFS
Drive d: (The Sims 4 City Living) (CDROM) (Total:18.56 GB) (Free:0 GB) UDF
 
\\?\Volume{f8349059-91f3-41a1-a3a9-aa990f6a5539}\ (WINRETOOLS) (Fixed) (Total:1 GB) (Free:0.67 GB) NTFS
\\?\Volume{75a2b2bc-6d13-4e6b-81ec-52364e5e5b9e}\ (PBR Image) (Fixed) (Total:8.42 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05FA846C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 22,272 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   50.2KB   18 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply. 

 


  • 0
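The Process Explorer and TASKLIST /SVC steps in the reply above collect two things: which running images have a verified signer, and which services each process hosts. The PowerShell script below is an added example, not part of RKinner's reply, that gathers both into one text report from an elevated prompt; the report file name and the function name are assumptions.

```powershell
# Added example: combines the "Verified Signer" view and the TASKLIST /SVC
# listing into one report. Run from an elevated PowerShell prompt.

# Hypothetical output file name (assumption, not from the thread).
$reportPath = Join-Path $env:USERPROFILE 'Desktop\process-signers.txt'

# Map each process ID to the services it hosts (what TASKLIST /SVC shows).
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        # ProcessId is UInt32; cast so the key matches Get-Process's Int32 Id.
        $servicesByPid[[int]$_.ProcessId] += @($_.Name)
    }

# Cache results per image path so shared hosts (svchost.exe) are checked once.
$signatureCache = @{}

function Get-SignerSummary {
    param([string]$Path)

    # Protected or already-exited processes expose no image path.
    if ([string]::IsNullOrEmpty($Path)) { return 'path unavailable' }

    if (-not $signatureCache.ContainsKey($Path)) {
        $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
        if ($null -eq $sig) {
            $signatureCache[$Path] = 'file not readable'
        }
        elseif ($sig.Status -eq 'Valid') {
            $signatureCache[$Path] = 'Verified: ' + $sig.SignerCertificate.Subject
        }
        else {
            # NotSigned, HashMismatch, NotTrusted, UnknownError ...
            $signatureCache[$Path] = "Unverified ($($sig.Status))"
        }
    }
    return $signatureCache[$Path]
}

# CPU is cumulative processor seconds since the process started,
# not the live percentage that Process Explorer sorts by.
$rows = Get-Process |
    Sort-Object -Property CPU -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Id       = $_.Id
            Name     = $_.ProcessName
            CpuSec   = if ($null -ne $_.CPU) { [math]::Round($_.CPU, 1) } else { $null }
            Signer   = Get-SignerSummary -Path $_.Path
            Services = ($servicesByPid[[int]$_.Id] -join ', ')
            Path     = $_.Path
        }
    }

# Write a wide, wrapped table so long paths and signer subjects are not cut off.
$rows | Format-Table -AutoSize -Wrap | Out-String -Width 250 |
    Set-Content -Path $reportPath

notepad $reportPath
```

Some Windows system files are catalog-signed rather than carrying an embedded signature, and older PowerShell versions may report them as NotSigned. An "Unverified" row is therefore a reason to check that file's path and origin, not a verdict on its own.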

#3
tingtingz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by TingTing (17-12-2019 17:44:45) Run:1
Running from C:\Users\TingTing\Downloads
Loaded Profiles: TingTing (Available Profiles: TingTing)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Sortware\Policies\...\system: [DisableCMD] 0
Task: {968B3171-F356-4241-8378-8C11069595DD} - System32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883} => C:\windows\system32\pcalua.exe -a C:\Users\TingTing\AppData\Local\Apps\2.0\JANXRR7K.4JB\BLE8T11W.5R4\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\Uninstaller.exe -c uninstall
Task: C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
FF NetworkProxy: Mozilla\Firefox\Profiles\pecg5pgj.default -> autoconfig_url", "data:text/javascript,[URL-encoded script body omitted]"
FF Extension: (Search Manager) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23} [2019-12-14] [hxxps://qupotomu.com/update?x=restype=ffjson]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @citrixonline.com/appdetectorplugin -> C:\Users\TingTing\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] 
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\windows\system32\itruscert\NPComBrg701.dll [No File]
C:\Users\TingTing\AppData\Local\AutoSoftware
File: C:\Windows\System32\wow64.dll 
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S2 TBSecSvc; "C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe" [X]
S2 wwbizsrv; "C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe" [X]
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-03-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 noerefua; \??\C:\windows\system32\drivers\noerefua.sys [X]
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\8.60.00C\AliIMX_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
FirewallRules: [{66D9F0F6-5B44-4AE3-9356-9FD6DC569137}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{918F0954-EF53-41E1-80D8-BC191F503554}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{EF2716B0-FD60-4384-9B9B-E6819DBFEBE0}] => (Allow) C:\windows\downloader.exe No File
FirewallRules: [{693B36B2-FF91-457B-AD50-2C1B467BFCAF}] => (Allow) C:\windows\downloader.exe No File
 FirewallRules: [{45681DC8-8907-47A7-910D-D3668F26FB69}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{C18E7762-B9FC-4ACF-BBE9-E74A4705BED1}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{AFFB9AF7-2C9A-4AEF-8A9D-2D3288CC7BEC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{BFA314FA-CCB4-4054-89CF-29881ECBBA8C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{FCA6E85D-9087-4D55-B57D-5ED3EBBB0922}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{A80788E9-EF9B-4BFF-A898-A4E130211A8D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{79E13EB7-1031-4971-8AF8-39A787587685}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{7DE37AAF-2AE6-4B93-A127-D696D2E1FE69}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{24ADB8DA-9C1E-4F7B-A59F-F643752BC580}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{3B4E993C-0FF0-457B-BBBF-180F616E26E2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{9012D8B5-6223-4E39-972B-4D731725060A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{6BBFA05F-8294-43DF-AF55-939C70401380}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{6DD70BA7-1083-469B-A766-604500BD643E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{42DC6C5E-AF62-4097-B6B8-296DE8C07163}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{11311FF4-7DE6-47F6-87B7-011FA26A5711}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [{A3D7C7C9-12F4-46E2-8B40-A70237FF9183}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [TCP Query User{0795448A-A114-4F79-8FD4-9F206F657D15}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{151C48F0-CAB9-4E41-B7FE-B0BD50141C44}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
C:\Users\TingTing\AppData\Local\AutoSoftware
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Policies\Microsoft\Windows\System\\DisableCMD" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{968B3171-F356-4241-8378-8C11069595DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{968B3171-F356-4241-8378-8C11069595DD}" => removed successfully
C:\windows\System32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F11E54FD-9E0C-40D2-B2BC-C39546927883}" => removed successfully
C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job => moved successfully
C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
Firefox Proxy settings were reset.
C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23} => moved successfully
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0 => removed successfully
"C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll" => not found
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 => removed successfully
"C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll" => not found
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => removed successfully
C:\Users\TingTing\AppData\Local\Citrix\Plugins\104\npappdetector.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/NPComBrg701,version=1.0.2011.701 => removed successfully
C:\Users\TingTing\AppData\Local\AutoSoftware => moved successfully
 
========================= File: C:\Windows\System32\wow64.dll ========================
 
C:\Windows\System32\wow64.dll
Catalog: C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_717_for_KB4520005~31bf3856ad364e35~amd64~~6.3.1.11.cat
File is digitally signed
MD5: 757525DB00E5466407495863326F2720
Creation and modification date: 2019-10-09 20:57 - 2019-08-31 11:50
Size: 000284160
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: wow64
Original Name: wow64.dll
Product: Microsoft® Windows® Operating System
Description: Win32 Emulation on NT64
File Version: 6.3.9600.19478 (winblue_ltsb.190831-0600)
Product Version: 6.3.9600.19478
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End 1 File: ======
 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully
Service KMSELDI => service removed successfully
HKLM\System\CurrentControlSet\Services\TBSecSvc => removed successfully
TBSecSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wwbizsrv => removed successfully
wwbizsrv => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDivert1.1 => removed successfully
WinDivert1.1 => service removed successfully
HKLM\System\CurrentControlSet\Services\andnetadb => removed successfully
andnetadb => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\noerefua => removed successfully
noerefua => service removed successfully
HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
.) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66D9F0F6-5B44-4AE3-9356-9FD6DC569137}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{918F0954-EF53-41E1-80D8-BC191F503554}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF2716B0-FD60-4384-9B9B-E6819DBFEBE0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{693B36B2-FF91-457B-AD50-2C1B467BFCAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45681DC8-8907-47A7-910D-D3668F26FB69}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C18E7762-B9FC-4ACF-BBE9-E74A4705BED1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFFB9AF7-2C9A-4AEF-8A9D-2D3288CC7BEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFA314FA-CCB4-4054-89CF-29881ECBBA8C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCA6E85D-9087-4D55-B57D-5ED3EBBB0922}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A80788E9-EF9B-4BFF-A898-A4E130211A8D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79E13EB7-1031-4971-8AF8-39A787587685}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DE37AAF-2AE6-4B93-A127-D696D2E1FE69}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24ADB8DA-9C1E-4F7B-A59F-F643752BC580}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B4E993C-0FF0-457B-BBBF-180F616E26E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9012D8B5-6223-4E39-972B-4D731725060A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BBFA05F-8294-43DF-AF55-939C70401380}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DD70BA7-1083-469B-A766-604500BD643E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42DC6C5E-AF62-4097-B6B8-296DE8C07163}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11311FF4-7DE6-47F6-87B7-011FA26A5711}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3D7C7C9-12F4-46E2-8B40-A70237FF9183}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0795448A-A114-4F79-8FD4-9F206F657D15}C:\program files (x86)\airdroid\airdroid.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{151C48F0-CAB9-4E41-B7FE-B0BD50141C44}C:\program files (x86)\airdroid\airdroid.exe" => removed successfully
"C:\Users\TingTing\AppData\Local\AutoSoftware" => not found
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End 1 CMD: =========
 
 
 
The system needed a reboot.
 
==== End 1 Fixlog 17:50:51 ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by TingTing (administrator) on WINDOWS-I6D372C (Dell Inc. Inspiron 5547) (17-12-2019 20:36:21)
Running from C:\Users\TingTing\Downloads
Loaded Profiles: TingTing (Available Profiles: TingTing)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Daniel Terhell -> Resplendence Software Projects Sp.) C:\Program Files\LatencyMon\LatMon.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\TingTing\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\TingTing\Desktop\procexp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7825720 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MRT] => C:\windows\system32\MRT.exe [129221664 2019-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [TouchFreeze] => C:\Users\TingTing\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] () [File not signed]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: D - "D:\setup.exe" 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {22fa2faf-8bde-11e7-82e1-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {61380f82-c0c8-11e4-825d-a08869820531} - "D:\setup.exe" 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {896efc2d-f5b5-11e6-82ce-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-15] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C038BE4-52C3-41DD-B5BD-51C24D8F8AAA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0F3E797A-6B3E-46A7-88F6-DC1DE3EEE62A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1732AA69-2928-4EBA-899C-516A81AA3506} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C74E863-9DF3-4A95-A19B-5E21449933D9} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {5209B56C-211A-48FF-8B16-FA8F7961AB32} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5942E666-3F3C-45DA-8CAB-F1B8D27AB421} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {5A4EE116-098D-4AA6-90F8-898F6D260D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {5A66E741-8261-43C5-8027-1CB7AD0D4734} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {5CDAD16E-0A7F-4C93-ADF4-C4FA586A4D02} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6E92995C-D2EA-47AD-9D35-786C57AF3ECF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {923C2E1C-2FBC-4811-ABDB-BB9D627B412A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {A15EB976-7A15-4C27-8B8A-79EA7350DA03} - System32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8} => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: {A43D367F-FAEB-41A7-9D5C-27C880684A85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
Task: {A6C80B7D-86D1-46D4-8D79-F36C8AE68999} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AEE99547-62D3-471C-AE1E-12C94F8054D8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {BB3B081F-73AD-4AE7-A3B5-55E7C9465B3C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-14] (Adobe Inc. -> Adobe)
Task: {CD9384C4-1501-4AD3-8CF9-DAB04B50AF4F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-14] (Adobe Inc. -> Adobe)
Task: {EF43AF7F-5E29-457A-BBF5-D18F7D16EC5A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCD881F4-F2B4-40F7-A2B8-E9E30E8D3978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D93A623-DC57-476A-A086-3E85E64CB79D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582494831&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582797841&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-688974935-4124263328-645016171-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: pecg5pgj.default
FF ProfilePath: C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default [2019-12-17]
FF Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\[email protected] [2016-03-08] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-25] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Notifications: Default -> hxxps://voice.google.com
CHR Profile: C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default [2019-12-17]
CHR Extension: (Google Drive) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-15]
CHR Extension: (Sketchpad) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-12-27]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2015-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-04-10]
CHR Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2019-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-15]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TingTing\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-04-06]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink Corp. -> CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Techporch Incorporated -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [143664 2015-11-24] (Samsung Electronics CO., LTD. -> )
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (Dell Inc. -> SoftThinks SAS)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdiommu; C:\windows\System32\drivers\amdkiomd.sys [76800 2014-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 atc; C:\windows\System32\DRIVERS\atc.sys [1693368 2019-09-23] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
S3 bcmfn2; C:\windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [739024 2019-11-13] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 cpuz143; C:\Users\TingTing\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2019-12-17] (CPUID -> CPUID) <==== ATTENTION
S3 DDDriver; C:\windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellProf; C:\windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 edrsensor; C:\windows\System32\DRIVERS\edrsensor.sys [309144 2019-10-30] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [564136 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\windows\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 iaLPSS_GPIO; C:\windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\windows\system32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [3667424 2013-10-14] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 rspLLL; C:\windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 SynRMIHID; C:\windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\windows\System32\drivers\trufos.sys [637112 2019-10-22] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-17 20:44 - 2019-12-17 20:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-12-17 20:44 - 2019-12-17 20:44 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2019-12-17 20:29 - 2019-12-17 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2019-12-17 20:29 - 2019-12-17 20:29 - 000000000 ____D C:\Program Files\LatencyMon
2019-12-17 20:29 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\windows\system32\Drivers\rspLLL64.sys
2019-12-17 20:20 - 2019-12-17 20:20 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\TingTing\Downloads\LatencyMon.exe
2019-12-17 20:20 - 2019-12-17 20:20 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\TingTing\Downloads\LatencyMon (1).exe
2019-12-17 19:57 - 2019-12-17 19:59 - 000737495 _____ C:\Users\TingTing\Desktop\WINDOWS-I6D372C.txt
2019-12-17 19:55 - 2019-12-17 19:55 - 000000810 _____ C:\Users\Public\Desktop\Speccy.lnk
2019-12-17 19:55 - 2019-12-17 19:55 - 000000810 _____ C:\ProgramData\Desktop\Speccy.lnk
2019-12-17 19:55 - 2019-12-17 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2019-12-17 19:55 - 2019-12-17 19:55 - 000000000 ____D C:\Program Files\Speccy
2019-12-17 19:53 - 2019-12-17 19:53 - 006889184 _____ (Piriform Ltd) C:\Users\TingTing\Downloads\spsetup132.exe
2019-12-17 19:50 - 2019-12-17 19:50 - 000010856 _____ C:\junk.txt
2019-12-17 19:45 - 2019-12-17 19:45 - 000011142 _____ C:\Users\TingTing\Desktop\System Idle Process.txt
2019-12-17 19:19 - 2019-12-17 19:19 - 002794360 _____ (Sysinternals - www.sysinternals.com) C:\Users\TingTing\Desktop\procexp.exe
2019-12-17 17:44 - 2019-12-17 17:50 - 000035016 _____ C:\Users\TingTing\Downloads\Fixlog.txt
2019-12-15 15:10 - 2019-11-27 23:03 - 001085440 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-12-15 15:10 - 2019-11-20 21:16 - 000496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-12-15 15:10 - 2019-11-19 03:17 - 020290048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-12-15 15:10 - 2019-11-19 02:49 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-12-15 15:10 - 2019-11-19 02:28 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2019-12-15 15:10 - 2019-11-19 02:26 - 004112384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-12-15 15:10 - 2019-11-19 02:23 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-12-15 15:10 - 2019-11-19 02:20 - 013838336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-12-15 15:10 - 2019-11-19 02:05 - 004387840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-12-15 15:10 - 2019-11-19 02:01 - 001331712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-12-15 15:10 - 2019-11-19 02:00 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-12-15 15:10 - 2019-11-15 10:40 - 001492992 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-12-15 15:10 - 2019-11-13 00:52 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2019-12-15 15:10 - 2019-11-13 00:52 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2019-12-15 15:10 - 2019-11-04 19:03 - 000611432 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-12-15 15:07 - 2019-11-28 05:26 - 001368072 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-12-15 15:07 - 2019-11-28 00:20 - 004171264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-12-15 15:07 - 2019-11-28 00:20 - 000432128 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-12-15 15:07 - 2019-11-20 21:16 - 000580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-12-15 15:07 - 2019-11-19 15:56 - 025753088 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-12-15 15:07 - 2019-11-19 15:18 - 000797184 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-12-15 15:07 - 2019-11-19 15:17 - 005500928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-12-15 15:07 - 2019-11-19 14:49 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2019-12-15 15:07 - 2019-11-19 14:41 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-12-15 15:07 - 2019-11-19 14:36 - 015445504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-12-15 15:07 - 2019-11-19 14:26 - 004859392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-12-15 15:07 - 2019-11-19 14:15 - 001566720 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-12-15 15:07 - 2019-11-19 14:04 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-12-15 15:07 - 2019-11-15 10:54 - 001756672 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-12-15 15:07 - 2019-11-13 00:54 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2019-12-15 15:07 - 2019-11-13 00:54 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2019-12-15 15:07 - 2019-11-11 15:15 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\printfilterpipelineprxy.dll
2019-12-15 15:07 - 2019-11-11 14:37 - 000881152 _____ (Microsoft Corporation) C:\windows\system32\printfilterpipelinesvc.exe
2019-12-15 15:07 - 2019-11-09 03:49 - 000409728 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2019-12-15 15:07 - 2019-11-08 20:12 - 003551232 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2019-12-15 15:07 - 2019-11-04 23:21 - 000162392 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2019-12-15 15:07 - 2019-11-04 19:06 - 000805376 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-12-15 15:07 - 2019-10-26 18:17 - 001717760 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2019-12-15 14:50 - 2019-12-15 15:02 - 000053616 _____ C:\Users\TingTing\Downloads\Addition.txt
2019-12-15 14:04 - 2019-12-17 20:41 - 000037104 _____ C:\Users\TingTing\Downloads\FRST.txt
2019-12-15 14:01 - 2019-12-17 20:41 - 000000000 ____D C:\FRST
2019-12-15 14:00 - 2019-12-15 14:00 - 002264064 _____ (Farbar) C:\Users\TingTing\Downloads\FRST64.exe
2019-12-15 13:01 - 2019-12-15 13:01 - 000075180 _____ C:\ProgramData\agent.update.1576432854.bdinstall.v2.bin
2019-12-15 01:37 - 2019-12-15 01:37 - 000000000 ____D C:\ProgramData\dbg
2019-12-15 01:32 - 2019-12-15 01:32 - 000001137 _____ C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-12-15 01:32 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\windows\system32\Drivers\bdelam.sys
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Bitdefender
2019-12-15 01:30 - 2019-10-30 08:45 - 000309144 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\edrsensor.sys
2019-12-15 01:30 - 2019-10-22 12:38 - 000637112 _____ (Bitdefender) C:\windows\system32\Drivers\trufos.sys
2019-12-15 01:30 - 2018-11-28 05:45 - 000188384 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2019-12-15 01:29 - 2019-11-18 19:08 - 000564136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\gemma.sys
2019-12-15 01:29 - 2019-11-13 17:32 - 000739024 _____ (Bitdefender) C:\windows\system32\Drivers\bddci.sys
2019-12-15 01:29 - 2019-09-23 09:43 - 001693368 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\atc.sys
2019-12-15 01:15 - 2019-12-17 20:29 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-12-15 01:15 - 2019-12-17 18:23 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-12-15 01:13 - 2019-12-15 13:01 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-12-15 01:13 - 2019-12-15 01:13 - 010527368 _____ C:\Users\TingTing\Downloads\bitdefender_online.exe
2019-12-15 01:13 - 2019-12-15 01:13 - 000103340 _____ C:\ProgramData\agent.1576390404.bdinstall.v2.bin
2019-12-15 01:13 - 2019-12-15 01:13 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-12-15 00:28 - 2019-12-15 00:28 - 000000000 ____D C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0
2019-12-15 00:26 - 2019-12-15 00:26 - 006705178 _____ C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0.zip
2019-12-15 00:24 - 2019-12-15 00:25 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523 (1).exe
2019-12-14 23:37 - 2019-12-14 23:38 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523.exe
2019-12-14 19:35 - 2019-12-14 19:35 - 000000000 ____D C:\Users\TingTing\AppData\Local\cache
2019-12-14 19:31 - 2019-12-14 19:31 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbamtray
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbam
2019-12-11 22:21 - 2019-12-11 22:21 - 000000000 ____D C:\ProgramData\MB2Migration
2019-12-11 21:46 - 2019-12-11 21:46 - 000000000 ____D C:\ProgramData\UniqueId
2019-12-11 21:43 - 2019-12-11 21:43 - 000000000 ____D C:\windows\SysWOW64\htqs
2019-12-11 21:42 - 2019-12-11 21:42 - 000000300 _____ C:\Users\TingTing\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2019-12-11 21:33 - 2019-12-11 21:33 - 000000000 ____D C:\ProgramData\ByteFence
2019-12-11 21:28 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\Nox_share
2019-12-11 21:27 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\vmlogs
2019-12-11 21:26 - 2019-12-11 23:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\chromium
2019-12-11 21:26 - 2019-12-11 21:44 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-12-11 21:25 - 2019-12-11 21:43 - 000000000 ____D C:\Program Files (x86)\Nox
2019-12-11 21:22 - 2019-12-14 23:55 - 000000000 ____D C:\Users\TingTing\AppData\Local\Nox
2019-12-11 21:09 - 2019-12-11 21:09 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com (1).apk
2019-12-11 21:08 - 2019-12-11 21:08 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com.apk
2019-12-11 20:05 - 2019-12-11 21:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\BlueStacks
2019-12-11 20:05 - 2019-12-11 20:07 - 000000000 ____D C:\Users\Public\BlueStacks
2019-12-06 19:57 - 2019-12-06 19:57 - 000920635 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (2).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920634 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (1).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920532 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-17 (1).pdf
2019-12-06 19:53 - 2019-12-06 19:53 - 000915618 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-10-05.pdf
2019-12-06 19:50 - 2019-12-06 19:50 - 000915393 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-09-05.pdf
2019-12-06 19:47 - 2019-12-06 19:47 - 000914738 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05 (1).pdf
2019-12-06 19:34 - 2019-12-06 19:34 - 000914979 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-08-05.pdf
2019-12-06 19:33 - 2019-12-06 19:33 - 000914892 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-07-05.pdf
2019-12-06 19:16 - 2019-12-06 19:16 - 000914650 _____ C:\Users\TingTing\Downloads\View PDF Statement_2018-12-05 (1).pdf
2019-12-06 19:14 - 2019-12-06 19:14 - 000914759 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05 (1).pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000920071 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-05.pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000914862 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-01-05.pdf
2019-12-06 19:09 - 2019-12-06 19:09 - 000914850 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-12-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05 (1).pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914765 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05.pdf
2019-12-06 19:00 - 2019-12-06 19:00 - 000915508 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-06-05.pdf
2019-12-06 18:59 - 2019-12-06 18:59 - 000914737 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05.pdf
2019-12-06 16:46 - 2019-12-06 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-12-04 20:23 - 2019-12-04 20:23 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2019-12-03 01:55 - 2019-12-03 01:55 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310 (1).pdf
2019-12-03 01:54 - 2019-12-03 01:54 - 000285878 _____ C:\Users\TingTing\Downloads\120213132301308309.pdf
2019-12-03 01:52 - 2019-12-03 01:52 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311 (1).pdf
2019-12-03 01:29 - 2019-12-03 01:29 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310.pdf
2019-12-02 23:47 - 2019-12-02 23:47 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311.pdf
2019-11-28 01:37 - 2019-11-28 01:37 - 000920367 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-11-17.pdf
2019-11-21 20:06 - 2019-11-21 20:06 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814 (1).mov
2019-11-17 22:09 - 2019-11-17 22:09 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814.mov
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-17 19:23 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2019-12-17 18:23 - 2014-12-03 13:28 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-12-17 18:22 - 2014-12-14 03:03 - 000000000 ___DO C:\Users\TingTing\OneDrive
2019-12-17 18:21 - 2014-12-03 13:29 - 000000000 ____D C:\Temp
2019-12-17 18:19 - 2013-08-22 09:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-12-17 18:19 - 2013-08-22 09:44 - 005151896 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-17 18:18 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-12-17 18:10 - 2014-12-09 11:32 - 000000000 ____D C:\Users\TingTing
2019-12-17 16:56 - 2014-12-09 11:36 - 000003966 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{9A7551FE-9855-4686-A2BC-4B9D5579A332}
2019-12-15 18:11 - 2014-12-09 11:39 - 000003596 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-1001
2019-12-15 17:41 - 2014-12-12 14:02 - 000000000 ____D C:\windows\system32\MRT
2019-12-15 17:35 - 2014-12-12 14:02 - 129221664 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-12-15 17:34 - 2015-03-03 01:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-12-15 17:24 - 2013-08-22 10:20 - 000000000 ____D C:\windows\CbsTemp
2019-12-15 01:32 - 2013-08-22 10:36 - 000000000 ___HD C:\windows\ELAMBKUP
2019-12-15 01:17 - 2013-08-22 08:36 - 000000000 ____D C:\windows\Inf
2019-12-15 01:10 - 2018-06-19 18:58 - 000000000 ____D C:\Users\TingTing\AppData\Local\AVAST Software
2019-12-15 00:59 - 2015-05-01 22:32 - 000140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2019-12-15 00:21 - 2015-02-09 09:54 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 23:57 - 2014-12-03 12:54 - 000866884 _____ C:\windows\system32\PerfStringBackup.INI
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2014-12-16 01:54 - 000000000 ___SD C:\windows\system32\CompatTel
2019-12-14 23:55 - 2014-12-03 13:14 - 000000000 ___HD C:\windows\system32\WLANProfiles
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 __RSD C:\windows\Media
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\rescache
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\PolicyDefinitions
2019-12-14 23:53 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-14 23:51 - 2013-08-22 10:36 - 000000000 ____D C:\windows\registration
2019-12-14 23:50 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Sysprep
2019-12-14 23:48 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-14 23:47 - 2015-03-03 01:32 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-14 23:44 - 2015-03-03 01:32 - 000000000 __RHD C:\MSOCache
2019-12-14 23:17 - 2019-09-20 13:07 - 000000000 ____D C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2019-12-14 23:17 - 2019-09-20 13:06 - 000000000 ____D C:\Users\TingTing\AppData\Local\Vysor
2019-12-14 23:16 - 2015-05-21 06:45 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-14 23:15 - 2019-09-20 06:24 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2019-12-14 23:13 - 2014-12-09 11:41 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-14 23:10 - 2015-02-09 09:52 - 000003334 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 23:10 - 2015-02-09 09:52 - 000003206 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 23:05 - 2018-03-13 06:05 - 000004482 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-14 23:05 - 2014-12-14 03:50 - 000004288 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Macromed
2019-12-12 01:15 - 2016-11-16 14:34 - 000000000 ____D C:\Users\TingTing\Saved Documents
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-12-08 23:25 - 2019-10-01 15:55 - 000003446 _____ C:\windows\system32\Tasks\AdobeGCInvoker-1.0
2019-12-08 23:25 - 2018-02-20 18:59 - 000003492 _____ C:\windows\system32\Tasks\Motorola Device Manager Update
2019-12-08 23:25 - 2018-02-20 18:59 - 000003300 _____ C:\windows\system32\Tasks\Motorola Device Manager Initial Update
2019-12-08 23:25 - 2016-05-25 17:44 - 000003578 _____ C:\windows\system32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}
2019-12-08 23:25 - 2016-04-06 17:56 - 000003916 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineUA
2019-12-08 23:25 - 2016-04-06 17:56 - 000003680 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineCore
2019-12-08 23:25 - 2015-05-21 06:46 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-08 23:25 - 2015-04-23 16:32 - 000002990 _____ C:\windows\system32\Tasks\Synaptics TouchPad Enhancements
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLVDLauncher
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLMLSvc_P2G8
2019-12-08 23:25 - 2014-12-03 12:53 - 000003592 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-500
2019-12-06 16:46 - 2016-04-06 17:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-12-06 03:26 - 2014-12-09 11:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\Packages
2019-11-18 23:25 - 2014-12-16 01:54 - 000000000 ____D C:\windows\system32\appraiser
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Dism
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\oobe
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Dism
 
==================== Files in the root of some directories ========
 
2018-10-03 14:04 - 2018-10-03 14:04 - 000000000 _____ () C:\Users\TingTing\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-12-16 13:15
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by TingTing (17-12-2019 20:44:51)
Running from C:\Users\TingTing\Downloads
Windows 8.1 (Update) (X64) (2014-12-09 16:33:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-688974935-4124263328-645016171-500 - Administrator - Disabled)
Guest (S-1-5-21-688974935-4124263328-645016171-501 - Limited - Disabled)
TingTing (S-1-5-21-688974935-4124263328-645016171-1001 - Administrator - Enabled) => C:\Users\TingTing
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.0.294 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.16.146 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Version: 2.3 - Bibliotheca)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 86.4.146 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.10 - NCH Software)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Premiere Pro (HKLM\...\{3DF5A448-80E1-43C1-8428-984429451989}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
 
Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-12-09] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2016-04-01] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-21] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-06] (Microsoft Corporation) [MS Ad]
Windows Phone -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe [2016-09-21] (Microsoft Corporation)
阿里旺旺 -> C:\Program Files\WindowsApps\E1354D8C.Win8_1.0.0.122_x64__97d7ef5pp7jwp [2017-11-09] (淘宝(中国)软件有限公司)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_243.dll [2016-04-06] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\TingTing\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
 
==================== Loaded Modules (Whitelisted) =============
 
2014-04-07 09:31 - 2014-04-07 09:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-30 03:59 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2015-11-30 03:59 - 2013-03-08 01:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000523264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000297984 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2014-12-03 13:27 - 2014-12-03 13:27 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2014-12-03 13:27 - 2014-12-03 13:27 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxp://taobao.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2019-04-21 18:53 - 000000954 _____ C:\windows\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
 
2019-09-07 21:43 - 2019-09-07 21:45 - 000000505 _____ C:\windows\system32\drivers\etc\hosts.ics
192.168.173.102 LGwebOSTV.mshome.net # 2019 9 0 15 2 45 27 275
192.168.173.1 WINDOWS-I6D372C.mshome.net # 2024 9 5 6 2 45 27 275
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "TouchFreeze"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_6107A7CB8A14159DCCA158AAEFDFA448"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{49D90B04-64A3-41F6-A70F-ED16FF3D6CA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B68D3207-EC40-4C54-8C3B-718AE104F278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{BBCB6CD5-3509-42A8-9918-62BEE4209C94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1FE8FD99-83E6-4129-8773-5F20E308FAC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C4367F37-E76B-4941-8FC0-FC5CEED10BE8}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{6638E8B8-1036-4031-8B6F-650CAB70D1FD}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E31E9C85-873F-4D0C-83CE-FA94AA349B3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4089887D-33B8-4A2A-8A3C-C0F228BDBCDE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9BFF5F3-7122-4FF1-9CE1-AD76D141061A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{104D209A-8D3D-4132-9978-9CA7743B80F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B13A5F35-12DA-4A0F-B000-208E6A10DE80}] => (Allow) LPort=1689
FirewallRules: [{0B0F34E3-5368-4608-BD47-EF1D1A093D52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EF7C036-CDF7-44C6-B577-B03AF114B31A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18F36E45-D382-49E5-A899-5AA417770778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4ED90D7-9406-4B73-9EFF-EF740F6B22DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{74B7F942-FBE0-4230-93F8-476DD1E2C9AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{553C75ED-F846-4462-B18D-B0782772C64C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{956A7DE6-C628-4A4C-8DDE-0150522EEB5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{F7E089A2-9916-4A34-816F-C795D515B5A7}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{88DC5A35-4978-44BC-9326-C5B034383470}] => (Allow) LPort=1689
FirewallRules: [{384983BB-5071-4C74-82CD-F4B4CF0EF961}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AF5BC9-97F1-4638-B737-05362A4E05D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{907E0216-27DB-407B-AE75-696DE11F8A54}] => (Allow) LPort=54925
FirewallRules: [{9D8C616E-441C-4251-9B5B-C031BFE6FDC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EA7E19AC-E0BF-48E1-8FEB-BE0B385BDA73}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE6EBDD5-24A0-44BE-9A89-4C3CB760BDEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84B667A0-7CD9-47CE-BFB7-8E926F66F69D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95326A45-F842-4689-B457-EBCD1C72EEE1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23E563BA-9FAD-4923-92A4-CFF19A24EF36}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1E87FD3B-A442-4A6C-AE0C-B3FFE8D52B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4891DB9-CE90-47C6-B12D-931B899D8AF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{576A8F9D-FB9E-4EA6-9D41-0DD6F9C42DF1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F127DE4B-845A-46D2-930B-7756F43E7BE1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{53F55195-7D3B-4260-B3F3-1368A343F77F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{AD42F5F4-F3A5-46E3-9CFD-F26EDED5AC3F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{32C3E2C5-C22F-479E-A797-E2439204088A}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{9391D705-A70F-4DC0-A416-7AE8A11ED497}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{588F2F55-2701-4BC1-95C8-00DF7CA4AE50}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{286A4846-157D-4689-B11D-5C2079080FF6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD11D334-EEEE-4EEF-A300-527143F38446}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D181722F-FBA2-42D9-8D01-632D40ACAB8B}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{CB2F021C-B93B-4E86-8D85-D81C99103321}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{C967309A-0DF1-4868-83D9-82E2D65B6B07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{43C467D7-4CE2-429A-BD8F-4D919A9C2A47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
23-11-2019 19:14:31 Scheduled Checkpoint
30-11-2019 23:04:35 Scheduled Checkpoint
08-12-2019 23:42:27 Scheduled Checkpoint
11-12-2019 21:59:33 Removed WinZip 24.0.
14-12-2019 23:13:37 Removed LG United Mobile Drivers.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/17/2019 07:22:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (12/17/2019 06:20:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/17/2019 06:20:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (12/17/2019 06:11:27 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (12/17/2019 06:10:52 PM) (Source: DCOM) (EventID: 10010) (User: WINDOWS-I6D372C)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (12/17/2019 06:10:52 PM) (Source: DCOM) (EventID: 10010) (User: WINDOWS-I6D372C)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A07 01/23/2015
Motherboard: Dell Inc. 0598GM
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 48%
Total physical RAM: 12168.96 MB
Available physical RAM: 6287.31 MB
Total Virtual: 19592.96 MB
Available Virtual: 12937.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.48 GB) (Free:571.17 GB) NTFS
Drive d: (The Sims 4 City Living) (CDROM) (Total:18.56 GB) (Free:0 GB) UDF
 
\\?\Volume{f8349059-91f3-41a1-a3a9-aa990f6a5539}\ (WINRETOOLS) (Fixed) (Total:1 GB) (Free:0.67 GB) NTFS
\\?\Volume{75a2b2bc-6d13-4e6b-81ec-52364e5e5b9e}\ (PBR Image) (Fixed) (Total:8.42 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05FA846C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Process Explorer 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.05 0 K 4 K 0
procexp64.exe 1.93 27,660 K 52,572 K 5980 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
chrome.exe 0.44 187,856 K 292,164 K 1912 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.37 318,080 K 335,148 K 3692 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.33 35,276 K 50,288 K 6440 Google Chrome Google LLC (Verified) Google LLC
Interrupts 0.22 0 K 0 K n/a Hardware Interrupts and DPCs
chrome.exe 0.21 63,508 K 93,768 K 6848 Google Chrome Google LLC (Verified) Google LLC
System 0.19 132 K 12,148 K 4
svchost.exe 0.19 31,156 K 38,460 K 468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.18 50,140 K 69,192 K 4092 Google Chrome Google LLC (Verified) Google LLC
dwm.exe 0.12 34,196 K 32,956 K 964
WmiPrvSE.exe 0.11 9,484 K 17,288 K 2088
chrome.exe 0.08 310,948 K 337,604 K 4468 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.07 139,840 K 169,776 K 6760 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.07 352,896 K 383,656 K 5868 Google Chrome Google LLC (Verified) Google LLC
csrss.exe 0.07 2,620 K 50,876 K 656
chrome.exe 0.07 156,244 K 203,148 K 5136 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.05 43,480 K 61,748 K 6568 Google Chrome Google LLC (Verified) Google LLC
vsserv.exe 0.04 560,112 K 374,872 K 2600 Bitdefender Security Service Bitdefender (Verified) Bitdefender SRL
explorer.exe 0.04 89,032 K 135,952 K 4236 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 249,820 K 288,152 K 4732 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.02 6,768 K 9,992 K 6292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 56,420 K 86,204 K 6264 Google Chrome Google LLC (Verified) Google LLC
quickset.exe 0.02 6,376 K 15,624 K 5312 QuickSet Dell Inc. (Verified) Compal Electronics, Inc.
svchost.exe 0.01 11,764 K 17,672 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 135,860 K 173,056 K 2280 Google Chrome Google LLC (Verified) Google LLC
AppleMobileDeviceService.exe 0.01 3,072 K 10,272 K 1796 MobileDeviceService Apple Inc. (Verified) Apple Inc.
AGMService.exe 0.01 2,088 K 7,496 K 1756 Adobe Genuine Software Service Adobe Systems, Incorporated (Verified) Adobe Inc.
CLMLSvc_P2G8.exe 0.01 2,944 K 1,020 K 5488 CyberLink MediaLibray Service CyberLink (Verified) CyberLink Corp.
SynTPEnh.exe < 0.01 6,340 K 4,988 K 2504 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
AdobeUpdateService.exe < 0.01 1,124 K 4,476 K 1720 Adobe Update Service Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
svchost.exe < 0.01 24,108 K 29,584 K 300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SkyDrive.exe < 0.01 10,528 K 17,204 K 488 OneDrive Sync Engine Microsoft Corporation (Verified) Microsoft Windows
updatesrv.exe < 0.01 6,420 K 6,772 K 2576 Bitdefender Update Service Bitdefender (Verified) Bitdefender SRL
vsservppl.exe < 0.01 4,852 K 6,236 K 2692 Bitdefender Correlation Service Bitdefender (Verified) Bitdefender SRL
bdagent.exe < 0.01 16,464 K 24,752 K 5412 bdagent.exe Bitdefender (Verified) Bitdefender SRL
spoolsv.exe < 0.01 4,808 K 13,200 K 1472 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
EvtEng.exe < 0.01 4,156 K 11,132 K 1116 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
ZeroConfigService.exe 8,652 K 18,976 K 2748 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
WUDFHost.exe 5,684 K 12,744 K 5720
wlanext.exe 4,740 K 14,112 K 1356
winlogon.exe 1,428 K 8,268 K 700
wininit.exe 816 K 3,936 K 640
unsecapp.exe 1,092 K 4,832 K 3000
taskhostex.exe 21,748 K 27,276 K 1852 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 15,228 K 23,280 K 2760
taskeng.exe 2,748 K 5,652 K 3304
TabTip32.exe 1,564 K 4,572 K 3724
TabTip.exe 4,932 K 15,428 K 2836
SynTPHelper.exe 2,244 K 564 K 5792
svchost.exe 4,776 K 8,356 K 868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 91,196 K 95,864 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,848 K 13,352 K 2016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,152 K 16,648 K 1196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,856 K 11,600 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,112 K 24,076 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,772 K 13,308 K 3368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,708 K 4,800 K 3552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe 276 K 928 K 432
SftService.exe 1,868 K 7,668 K 2408 SoftThinks Agent Service SoftThinks SAS (Verified) Dell Inc.
SettingSyncHost.exe 5,216 K 4,432 K 4660 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,980 K 7,256 K 748
SecUPDUtilSvc.exe 932 K 3,824 K 2532 SecUPDUtil Service (Verified) Samsung Electronics CO., LTD.
SearchIndexer.exe 21,692 K 22,540 K 5096 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,332 K 14,744 K 1700 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 6,236 K 11,236 K 5180 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,312 K 5,040 K 1144 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo.exe 1,924 K 5,300 K 7132 RichVideo Module CyberLink (Verified) CyberLink Corp.
RegSrvc.exe 1,552 K 6,604 K 2512 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
RAVBg64.exe 8,656 K 12,140 K 5244 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,392 K 10,356 K 1172
ProductAgentService.exe 6,168 K 13,436 K 2464 Bitdefender Agent Bitdefender (Verified) Bitdefender SRL
procexp.exe 2,384 K 7,764 K 6708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 26,704 K 17,348 K 3156 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
obexsrv.exe 3,320 K 7,224 K 5940 Bluetooth OBEX Service Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
notepad.exe 3,184 K 9,044 K 4908 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 2,996 K 7,736 K 5876 Notepad Microsoft Corporation (Verified) Microsoft Windows
MotoHelperService.exe 2,424 K 8,200 K 1672 MotoHelper Service Motorola Mobility LLC (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe 3,240 K 9,332 K 3748 MotoHelperAgent Motorola Mobility LLC (Verified) Motorola Mobility Inc.
mDNSResponder.exe 1,432 K 5,032 K 1860 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 4,996 K 13,368 K 756 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
LMS.exe 3,956 K 10,308 K 7052 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
jhi_service.exe 1,844 K 5,168 K 5204 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxTray.exe 3,820 K 10,212 K 4792 igfxTray Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
igfxHK.exe 2,808 K 9,092 K 4412 igfxHK Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
igfxEM.exe 4,372 K 11,848 K 3164 igfxEM Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
igfxCUIService.exe 1,260 K 5,480 K 912 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
IAStorDataMgrSvc.exe 25,628 K 48,720 K 6104 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Intel® Rapid Storage Technology
HeciServer.exe 1,224 K 5,260 K 1208 Intel® Capability Licensing Service Interface Intel® Corporation (No signature was present in the subject) Intel® Corporation
GoogleCrashHandler64.exe 2,572 K 136 K 6340
GoogleCrashHandler.exe 2,004 K 192 K 7080
ForwardDaemon.exe 1,236 K 4,424 K 2484 ForwardDemon Motorola (No signature was present in the subject) Motorola
DropboxUpdate.exe 1,848 K 264 K 4140
DiscoverySrv.exe 3,604 K 9,588 K 4292
devmonsrv.exe 3,744 K 8,308 K 5896 Bluetooth Device Monitor Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
DbxSvc.exe 1,984 K 4,168 K 1896 Dropbox Service Dropbox, Inc. (Verified) Dropbox, Inc
dasHost.exe 2,128 K 6,828 K 2040
csrss.exe 1,936 K 4,608 K 596
conhost.exe 636 K 2,820 K 1368
chrome.exe 66,492 K 104,316 K 4304 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 109,820 K 119,724 K 5360 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 5,636 K 12,236 K 6700 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 45,160 K 72,804 K 456 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 12,644 K 19,156 K 3924 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 118,388 K 138,688 K 5952 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 9,976 K 16,484 K 6228 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 25,652 K 40,344 K 6840 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 20,388 K 35,480 K 4756 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,540 K 6,428 K 2460 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,432 K 5,280 K 5200 Google Chrome Google LLC (Verified) Google LLC
bdredline.exe 2,480 K 6,112 K 1844 Bitdefender redline update Bitdefender (Verified) Bitdefender SRL
armsvc.exe 1,076 K 4,264 K 1632 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.
AGSService.exe 1,712 K 7,920 K 1776 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Inc.
AERTSr64.exe 512 K 2,480 K 1740 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics

junk.txt
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       432 N/A                                         
csrss.exe                      596 N/A                                         
wininit.exe                    640 N/A                                         
csrss.exe                      656 N/A                                         
winlogon.exe                   700 N/A                                         
services.exe                   748 N/A                                         
lsass.exe                      756 EFS, SamSs, VaultSvc                        
svchost.exe                    828 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    868 RpcEptMapper, RpcSs                         
dwm.exe                        964 N/A                                         
svchost.exe                    300 Audiosrv, Dhcp, EventLog, lmhosts, Wcmsvc,  
                                   wscsvc                                      
svchost.exe                    468 AeLookupSvc, Appinfo, BITS, Browser,        
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt                                     
svchost.exe                    796 bthserv, EventSystem, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
igfxCUIService.exe             912 igfxCUIService1.0.0.0                       
svchost.exe                   1044 AudioEndpointBuilder,                       
                                   DeviceAssociationService, NcbService,       
                                   PcaSvc, SysMain, TabletInputService,        
                                   TrkWks, WlanSvc, wudfsvc                    
RtkAudioService64.exe         1144 RtkAudioService                             
RAVBg64.exe                   1172 N/A                                         
svchost.exe                   1196 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
wlanext.exe                   1356 N/A                                         
conhost.exe                   1368 N/A                                         
spoolsv.exe                   1472 Spooler                                     
svchost.exe                   1532 BFE, DPS, MpsSvc                            
armsvc.exe                    1632 AdobeARMservice                             
AdobeUpdateService.exe        1720 AdobeUpdateService                          
AERTSr64.exe                  1740 AERTFilters                                 
AGMService.exe                1756 AGMService                                  
AGSService.exe                1776 AGSService                                  
AppleMobileDeviceService.     1796 Apple Mobile Device Service                 
bdredline.exe                 1844 bdredline                                   
mDNSResponder.exe             1860 Bonjour Service                             
DbxSvc.exe                    1896 DbxSvc                                      
svchost.exe                   2016 DiagTrack                                   
dasHost.exe                   2040 N/A                                         
EvtEng.exe                    1116 EvtEng                                      
HeciServer.exe                1208 Intel® Capability Licensing Service Interf
                                   ace                                         
MotoHelperService.exe         1672 Motorola Device Manager                     
ProductAgentService.exe       2464 ProductAgentService                         
ForwardDaemon.exe             2484 PST Service                                 
RegSrvc.exe                   2512 RegSrvc                                     
SecUPDUtilSvc.exe             2532 SamsungUPDUtilSvc                           
updatesrv.exe                 2576 updatesrv                                   
vsserv.exe                    2600 vsserv                                      
vsservppl.exe                 2692 vsservppl                                   
ZeroConfigService.exe         2748 ZeroConfigService                           
unsecapp.exe                  3000 N/A                                         
WmiPrvSE.exe                  2088 N/A                                         
svchost.exe                   3368 BthHFSrv, QWAVE, SensrSvc, SSDPSRV,         
                                   TimeBroker, upnphost                        
svchost.exe                   3552 PolicyAgent                                 
PresentationFontCache.exe     3156 FontCache3.0.0.0                            
MotoHelperAgent.exe           3748 N/A                                         
taskeng.exe                   3304 N/A                                         
taskhostex.exe                1852 N/A                                         
SynTPEnh.exe                  2504 N/A                                         
DropboxUpdate.exe             4140 N/A                                         
explorer.exe                  4236 N/A                                         
DiscoverySrv.exe              4292 N/A                                         
SearchIndexer.exe             5096 WSearch                                     
igfxEM.exe                    3164 N/A                                         
igfxHK.exe                    4412 N/A                                         
igfxTray.exe                  4792 N/A                                         
TabTip.exe                    2836 N/A                                         
TabTip32.exe                  3724 N/A                                         
RuntimeBroker.exe             1700 N/A                                         
SkyDrive.exe                   488 N/A                                         
RtkNGUI64.exe                 5180 N/A                                         
RAVBg64.exe                   5244 N/A                                         
quickset.exe                  5312 N/A                                         
bdagent.exe                   5412 N/A                                         
CLMLSvc_P2G8.exe              5488 N/A                                         
SynTPHelper.exe               5792 N/A                                         
devmonsrv.exe                 5896 Bluetooth Device Monitor                    
obexsrv.exe                   5940 Bluetooth OBEX Service                      
IAStorDataMgrSvc.exe          6104 IAStorDataMgrSvc                            
chrome.exe                    1912 N/A                                         
jhi_service.exe               5204 jhi_service                                 
chrome.exe                    5200 N/A                                         
chrome.exe                    2460 N/A                                         
chrome.exe                    3692 N/A                                         
chrome.exe                    4092 N/A                                         
chrome.exe                    5952 N/A                                         
chrome.exe                    4756 N/A                                         
chrome.exe                    6228 N/A                                         
LMS.exe                       7052 LMS                                         
GoogleCrashHandler.exe        7080 N/A                                         
RichVideo.exe                 7132 RichVideo                                   
SftService.exe                2408 SftService                                  
svchost.exe                   6292 stisvc                                      
GoogleCrashHandler64.exe      6340 N/A                                         
SettingSyncHost.exe           4660 N/A                                         
chrome.exe                    4468 N/A                                         
chrome.exe                    6568 N/A                                         
chrome.exe                    6264 N/A                                         
chrome.exe                    6700 N/A                                         
chrome.exe                    6760 N/A                                         
chrome.exe                    5360 N/A                                         
chrome.exe                    5136 N/A                                         
taskhost.exe                  2760 N/A                                         
chrome.exe                    4732 N/A                                         
chrome.exe                    5868 N/A                                         
chrome.exe                    2280 N/A                                         
chrome.exe                    4304 N/A                                         
chrome.exe                    6848 N/A                                         
chrome.exe                    6440 N/A                                         
chrome.exe                    6840 N/A                                         
procexp.exe                   6708 N/A                                         
procexp64.exe                 5980 N/A                                         
chrome.exe                     456 N/A                                         
notepad.exe                   5876 N/A                                         
notepad.exe                   4908 N/A                                         
notepad.exe                   4400 N/A                                         
chrome.exe                    5600 N/A                                         
chrome.exe                    3864 N/A                                         
audiodg.exe                   5768 N/A                                         
livecomm.exe                  6604 N/A                                         
cmd.exe                       2756 N/A                                         
conhost.exe                   5152 N/A                                         
tasklist.exe                  5424 N/A                                         
WmiPrvSE.exe                  5092 N/A                                         
 
 
 
 
Latency Monitor
 
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:01:23  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        WINDOWS-I6D372C
OS version:                                           Windows 8.1 , 6.3, build: 9600 (x64)
Hardware:                                             Inspiron 5547, Dell Inc., 0598GM
CPU:                                                  GenuineIntel Intel® Core™ i5-4210U CPU @ 1.70GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  12168 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2394 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   1581.465126
Average measured interrupt to process latency (µs):   11.371664
 
Highest measured interrupt to DPC latency (µs):       1577.188584
Average measured interrupt to DPC latency (µs):       1.905085
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              49.037594
Driver with highest ISR routine execution time:       HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.002774
Driver with highest ISR total time:                   USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.006727
 
ISR count (execution time <250 µs):                   1918
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              485.142857
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.057801
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.118436
 
DPC count (execution time <250 µs):                   134209
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                10
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 rundll32.exe
 
Total number of hard pagefaults                       57
Hard pagefault count of hardest hit process:          27
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.278690
CPU 0 ISR highest execution time (µs):                49.037594
CPU 0 ISR total execution time (s):                   0.005465
CPU 0 ISR count:                                      512
CPU 0 DPC highest execution time (µs):                485.142857
CPU 0 DPC total execution time (s):                   0.260921
CPU 0 DPC count:                                      125390
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       1.898371
CPU 1 ISR highest execution time (µs):                45.097744
CPU 1 ISR total execution time (s):                   0.014120
CPU 1 ISR count:                                      1155
CPU 1 DPC highest execution time (µs):                421.022974
CPU 1 DPC total execution time (s):                   0.084288
CPU 1 DPC count:                                      6020
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.750923
CPU 2 ISR highest execution time (µs):                48.656642
CPU 2 ISR total execution time (s):                   0.001602
CPU 2 ISR count:                                      141
CPU 2 DPC highest execution time (µs):                203.834586
CPU 2 DPC total execution time (s):                   0.035802
CPU 2 DPC count:                                      1950
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       1.488749
CPU 3 ISR highest execution time (µs):                32.971178
CPU 3 ISR total execution time (s):                   0.001156
CPU 3 ISR count:                                      110
CPU 3 DPC highest execution time (µs):                219.157895
CPU 3 DPC total execution time (s):                   0.012342
CPU 3 DPC count:                                      859
_________________________________________________________________________________________________________
 


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 22,272 posts
  • MVP

Can you go into msconfig, Startup and check "IAStorIcon"?  Not sure about Win 8 but you may need to go to Task Manager and Enable it.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow

This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter.  Then type:

notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 

Go to chrome://settings/

Find: On Startup
Click on Open The New Tab Page.

Find: Search engine
Search engine used in the address bar - change to Google

Click on Manage search engines

For each search engine except Google under Default Search Engines, click on the three bars and select Remove From List.

Scroll to the bottom and click on Advanced.

Now scroll to where it says System and turn off: Continue running background apps when Google Chrome is closed

Under Privacy and security turn off: Preload pages for faster browsing and searching

Restart Chrome.

 

Rerun Latency Monitor.  Please let it run for only 20-25 seconds.  Then copy the Report again.  Also click on the Processes tab and then click once or twice on the Hard Pagefaults column header until the processes with pagefaults are at the top.  Then take a screenshot of the page, save it as a .jpg and attach it to a Reply.  Then on the Drivers tab, click on DPC Count to get the drivers with highest DPC Count at the top then take another screenshot.

 

Speccy says your laptop is running a bit hot.  Sometimes Speccy is wrong so let's get a second opinion.

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.

 


  • 0
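One way to triage the VEW report requested in the post above, as an added example that is not part of the original thread or of VEW itself: it parses the report's `Log:` / `Type:` / `Event:` records, collapses repeats per source and event ID so one noisy service does not bury the rest, and lists Wininit event 11 (DLLs loaded into every application) for manual review. The sample report is constructed, and the function names and the `REVIEW` list are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout of a VEW report; not taken from a real machine.
# The last record is cut off on purpose, as happens when a paste is truncated.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/01/2020 6:38:25 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Example Helper service failed to start due to the following error:  timeout.

Log: 'System' Date/Time: 01/01/2020 11:20:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Example Helper service failed to start due to the following error:  timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/01/2020 6:37:31 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'System' Date/Time: 01/01/2020 9:23:35 PM
Type: Warning Category: 0
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*$")
TYPE_RE = re.compile(r"^Type: (?P<level>\w+) Category: \d+\s*$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+?)\s*$")

# Assumption: events worth a manual look however rarely they occur.
# Wininit event 11 reports DLLs configured to load into every application.
REVIEW = {("Microsoft-Windows-Wininit", 11)}


@dataclass
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str


def parse_vew(text):
    """Return (events, skipped); skipped counts records missing a header line."""
    events, skipped, lines, i = [], 0, text.splitlines(), 0
    while i < len(lines):
        head = LOG_RE.match(lines[i])
        if not head:
            i += 1
            continue
        level = TYPE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        event = EVENT_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
        if not (level and event):
            skipped += 1
            i += 1
            continue
        # The message runs until a blank line, a ~~~ divider or the next record.
        j, body = i + 3, []
        while j < len(lines) and lines[j].strip() and not lines[j].startswith(("~", "Log: ")):
            body.append(lines[j].strip())
            j += 1
        events.append(Event(
            log=head["log"],
            # The report states its dates are dd/mm/yyyy, so parse day first.
            when=datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            level=level["level"],
            event_id=int(event["event_id"]),
            source=event["source"],
            message=" ".join(body),
        ))
        i = j
    return events, skipped


def summarize(events):
    """Collapse repeats into (count, level, source, event_id, last_seen) rows."""
    groups = {}
    for e in events:
        key = (e.level, e.source, e.event_id)
        n, last = groups.get(key, (0, e.when))
        groups[key] = (n + 1, max(last, e.when))
    return sorted(((n, *key, last) for key, (n, last) in groups.items()),
                  key=lambda r: (-r[0], r[2], r[3]))


def needs_review(events):
    return [e for e in events if (e.source, e.event_id) in REVIEW]


if __name__ == "__main__":
    parsed, cut = parse_vew(SAMPLE_REPORT)
    for n, lvl, src, eid, seen in summarize(parsed):
        print(f"{n:3d}x {lvl:<8} {src} / {eid}  (last {seen:%d/%m/%Y %H:%M})")
    for e in needs_review(parsed):
        print(f"REVIEW {e.source} {e.event_id}: {e.message}")
    print(f"{cut} incomplete record(s) skipped")
```
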

#5
tingtingz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/12/2019 4:21:32 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/12/2019 6:38:25 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Origin Web Helper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 19/12/2019 6:38:25 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Log: 'System' Date/Time: 17/12/2019 11:20:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Origin Web Helper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 17/12/2019 11:20:07 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Log: 'System' Date/Time: 17/12/2019 11:11:27 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 17/12/2019 11:10:52 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 17/12/2019 11:10:52 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/12/2019 9:15:24 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 19/12/2019 7:09:48 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 19/12/2019 6:38:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 19/12/2019 6:38:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 19/12/2019 6:38:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 19/12/2019 6:38:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 19/12/2019 6:37:31 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 19/12/2019 6:37:13 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 19/12/2019 6:36:23 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 19/12/2019 3:23:46 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 19/12/2019 1:27:09 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 9:23:35 PM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 7:45:39 PM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 2:41:34 PM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 8:01:38 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 4:53:26 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 3:43:57 AM
Type: Warning Category: 0
Event: 1 Source: RTL8168
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 18/12/2019 12:43:34 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\SensorsAndLocationEnum\LPSensorSWDevice.
 
Log: 'System' Date/Time: 17/12/2019 11:19:38 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 17/12/2019 11:19:38 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
 
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/12/2019 4:22:44 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/12/2019 6:47:46 AM
Type: Error Category: 0
Event: 0 Source: Office 2013 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 19/12/2019 4:40:09 AM
Type: Error Category: 1
Event: 2006 Source: Microsoft-Windows-LocationProvider
There was an error with the Windows Location Provider database
 
Log: 'Application' Date/Time: 18/12/2019 9:26:50 PM
Type: Error Category: 4
Event: 281 Source: DbxSvc
CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 
 
Log: 'Application' Date/Time: 18/12/2019 9:26:50 PM
Type: Error Category: 4
Event: 281 Source: DbxSvc
CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 
 
Log: 'Application' Date/Time: 18/12/2019 2:41:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 17687
 
Log: 'Application' Date/Time: 18/12/2019 2:41:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 17687
 
Log: 'Application' Date/Time: 18/12/2019 2:41:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
 
Log: 'Application' Date/Time: 18/12/2019 2:41:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 16468
 
Log: 'Application' Date/Time: 18/12/2019 2:41:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 16468
 
Log: 'Application' Date/Time: 18/12/2019 2:41:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
 
Log: 'Application' Date/Time: 18/12/2019 2:41:56 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 15250
 
Log: 'Application' Date/Time: 18/12/2019 2:41:56 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 15250
 
Log: 'Application' Date/Time: 18/12/2019 2:41:56 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
 
Log: 'Application' Date/Time: 18/12/2019 2:41:55 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 13984
 
Log: 'Application' Date/Time: 18/12/2019 2:41:55 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 13984
 
Log: 'Application' Date/Time: 18/12/2019 2:41:55 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
 
Log: 'Application' Date/Time: 18/12/2019 2:41:53 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 12718
 
Log: 'Application' Date/Time: 18/12/2019 2:41:53 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 12718
 
Log: 'Application' Date/Time: 18/12/2019 2:41:53 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
 
Log: 'Application' Date/Time: 18/12/2019 2:41:52 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 11484
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/12/2019 9:15:33 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 19/12/2019 7:10:01 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
 
Log: 'Application' Date/Time: 19/12/2019 7:09:54 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 19/12/2019 6:39:20 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 19/12/2019 3:28:56 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkQuarantineRetry
 
Log: 'Application' Date/Time: 19/12/2019 3:24:12 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 19/12/2019 1:32:19 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkQuarantineRetry
 
Log: 'Application' Date/Time: 19/12/2019 1:27:19 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 19/12/2019 1:27:17 AM
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (6760) C:\Users\TingTing\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\6dc0c0cbbbe88ea0\120712-0049\: The shadow header page of file C:\Users\TingTing\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\6dc0c0cbbbe88ea0\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.
 
Log: 'Application' Date/Time: 18/12/2019 9:28:42 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkQuarantineRetry
 
Log: 'Application' Date/Time: 18/12/2019 9:23:42 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 7:50:59 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkQuarantineRetry
 
Log: 'Application' Date/Time: 18/12/2019 7:46:05 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 7:45:59 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 2:41:56 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 8:06:45 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkQuarantineRetry
 
Log: 'Application' Date/Time: 18/12/2019 8:01:45 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 4:53:34 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 18/12/2019 3:44:05 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 17/12/2019 11:21:47 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
 
 
 
 
LatencyMon report
 
 
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:23  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        WINDOWS-I6D372C
OS version:                                           Windows 8.1 , 6.3, build: 9600 (x64)
Hardware:                                             Inspiron 5547, Dell Inc., 0598GM
CPU:                                                  GenuineIntel Intel® Core™ i5-4210U CPU @ 1.70GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  12168 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2394 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   201.425029
Average measured interrupt to process latency (µs):   14.346836
 
Highest measured interrupt to DPC latency (µs):       193.727257
Average measured interrupt to DPC latency (µs):       2.313879
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              49.102757
Driver with highest ISR routine execution time:       HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.010667
Driver with highest ISR total time:                   Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.012776
 
ISR count (execution time <250 µs):                   1095
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              272.685046
Driver with highest DPC routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.075657
Driver with highest DPC total execution time:         Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.225543
 
DPC count (execution time <250 µs):                   29718
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                1
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 vsserv.exe
 
Total number of hard pagefaults                       458
Hard pagefault count of hardest hit process:          448
Number of processes hit:                              1
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.441637
CPU 0 ISR highest execution time (µs):                49.102757
CPU 0 ISR total execution time (s):                   0.003612
CPU 0 ISR count:                                      329
CPU 0 DPC highest execution time (µs):                205.077694
CPU 0 DPC total execution time (s):                   0.105630
CPU 0 DPC count:                                      26744
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.412656
CPU 1 ISR highest execution time (µs):                28.699248
CPU 1 ISR total execution time (s):                   0.001899
CPU 1 ISR count:                                      163
CPU 1 DPC highest execution time (µs):                128.885129
CPU 1 DPC total execution time (s):                   0.012841
CPU 1 DPC count:                                      489
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.349232
CPU 2 ISR highest execution time (µs):                21.573935
CPU 2 ISR total execution time (s):                   0.001684
CPU 2 ISR count:                                      165
CPU 2 DPC highest execution time (µs):                216.416040
CPU 2 DPC total execution time (s):                   0.047335
CPU 2 DPC count:                                      1140
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.436491
CPU 3 ISR highest execution time (µs):                44.401003
CPU 3 ISR total execution time (s):                   0.004631
CPU 3 ISR count:                                      438
CPU 3 DPC highest execution time (µs):                272.685046
CPU 3 DPC total execution time (s):                   0.042965
CPU 3 DPC count:                                      1346
_________________________________________________________________________________________________________
 
 
The fan's highest temperature for the HD0 30C Core0 33C Core1 33C with no application running
The fan's highest temperature for the HD0 43C Core0 53C Core1 52C with antivirus scan and watching a video for more than 5 minutes
 

Attached Thumbnails

  • LatencyMon Processes 12.18.19.jpg
  • LatencyMon Drivers 12.18.19.jpg


#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,272 posts
  • MVP

Errors often slow things down so let's try to get rid of as many as we can:

 

You have 4 programs causing most of your errors:

 

Office 2013

Dropbox

Bonjour

Origin

 

Office is complaining about a license issue so perhaps your license has expired.  If you no longer use Office I would uninstall it.

 

Dropbox is missing files so if you use it (I think you need to pay for it) it needs to be reinstalled.  If you got it as foistware and don't use it then just uninstall it.

 

Bonjour is used to detect Apple products on your local network.  You can probably live without it.  I found this on downloading it if you feel you need it.

 
Allen H. Porter September 28, 2017 09:08

Download the iTunes installer (from Apple) for Windows.

Use an archive program like  7zip (http://www.7-zip.org/download.html)  to open the installer file you just downloaded.

Inside the iTunes installer you will find Bonjour64.msi (or Bonjour32.msi).  Use that MSI file to install Bonjour on your PC.

 

If you installed the entire iTunes package you have it also.

 

 

 

Origin is not starting so needs to be reinstalled.

https://www.origin.c.../store/download

 

Reboot and rerun VEW when done.


  • 0
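The triage in the reply above (working out which programs produce most of the errors) can be reproduced from pasted VEW output by counting entries per source and event ID. This is an added example, not part of the original posts or of VEW itself; the sample text is constructed in the thread's layout, and `parse_vew` and `noisiest_sources` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the VEW output pasted in the thread.
SAMPLE = """\
Log: 'Application' Date/Time: 18/12/2019 9:26:50 PM
Type: Error Category: 4
Event: 281 Source: DbxSvc
CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Log: 'Application' Date/Time: 18/12/2019 2:41:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 17687

Log: 'Application' Date/Time: 18/12/2019 2:41:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/12/2019 9:15:33 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074
"""

HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>.+?)\s*\n"
)

def parse_vew(text):
    """Return one dict per event; the message is everything up to the next header."""
    text = text.replace("\u00a0", " ")  # forum pastes often carry non-breaking spaces
    matches = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        # Drop section banners ("~~~~" rules and "'X' Log - Y Type" titles).
        lines = [l.strip() for l in text[m.end():end].splitlines()]
        msg = " ".join(l for l in lines if l and not l.startswith("~")
                       and not re.fullmatch(r"'.+' Log - .+ Type", l))
        events.append({**m.groupdict(), "event": int(m["event"]), "message": msg})
    return events

def noisiest_sources(events, level="Error"):
    """Count events of one severity per (source, event id), most frequent first."""
    counts = Counter((e["source"], e["event"]) for e in events if e["type"] == level)
    return counts.most_common()

if __name__ == "__main__":
    for (source, event_id), n in noisiest_sources(parse_vew(SAMPLE)):
        print(f"{n:3d}  {source} (event {event_id})")
```

Grouping by source and event ID rather than by message text keeps entries such as the Bonjour ones together even though each message carries a different counter value.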





