Hi
My computer starts up slow. I wanted to run a malware scan with Malwarebytes but it won't run. I tried to install a newer verison of Malwarebytes but it would not install because of the outdated Malwarebytes I have on my laptop. I can't uninstall the outdated Malwarebytes because an error pop up saying File C:\Program Files(x86)\Malwarebytes Anti-Malware\unins000.dat does not exist. Cannot uninstall. I downloaded and install Bitdefender antivirus to do a malware scan. 6 threats are found. Three of the threats found are
Adware.Linury.AU. Path: C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exe.
Adware.Linury.AM. Path: C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\evwnb.dll,
Application.Generic.1517753 Path: C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\nbouwe.dll.
What should I do with these threats? Sometimes when I restart my laptop I get a pop up at startup asking for access from the file C:\windows\system32\MRT.exe , should I allow it? Thank you.
Here are my scan logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by TingTing (administrator) on WINDOWS-I6D372C (Dell Inc. Inspiron 5547) (15-12-2019 14:04:17)
Running from C:\Users\TingTing\Downloads
Loaded Profiles: TingTing (Available Profiles: TingTing)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7825720 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MRT] => C:\windows\system32\MRT.exe [128443096 2019-11-17] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [TouchFreeze] => C:\Users\TingTing\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] () [File not signed]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Sortware\Policies\...\system: [DisableCMD] 0
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: D - "D:\setup.exe"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {22fa2faf-8bde-11e7-82e1-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {61380f82-c0c8-11e4-825d-a08869820531} - "D:\setup.exe"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: {896efc2d-f5b5-11e6-82ce-3417eb5914a6} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-15] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C038BE4-52C3-41DD-B5BD-51C24D8F8AAA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0F3E797A-6B3E-46A7-88F6-DC1DE3EEE62A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1732AA69-2928-4EBA-899C-516A81AA3506} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C74E863-9DF3-4A95-A19B-5E21449933D9} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {5209B56C-211A-48FF-8B16-FA8F7961AB32} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5942E666-3F3C-45DA-8CAB-F1B8D27AB421} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {5A4EE116-098D-4AA6-90F8-898F6D260D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {5A66E741-8261-43C5-8027-1CB7AD0D4734} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {5CDAD16E-0A7F-4C93-ADF4-C4FA586A4D02} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6E92995C-D2EA-47AD-9D35-786C57AF3ECF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {923C2E1C-2FBC-4811-ABDB-BB9D627B412A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {968B3171-F356-4241-8378-8C11069595DD} - System32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883} => C:\windows\system32\pcalua.exe -a C:\Users\TingTing\AppData\Local\Apps\2.0\JANXRR7K.4JB\BLE8T11W.5R4\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\Uninstaller.exe -c uninstall
Task: {A15EB976-7A15-4C27-8B8A-79EA7350DA03} - System32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8} => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: {A43D367F-FAEB-41A7-9D5C-27C880684A85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
Task: {A6C80B7D-86D1-46D4-8D79-F36C8AE68999} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AEE99547-62D3-471C-AE1E-12C94F8054D8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {BB3B081F-73AD-4AE7-A3B5-55E7C9465B3C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-14] (Adobe Inc. -> Adobe)
Task: {CD9384C4-1501-4AD3-8CF9-DAB04B50AF4F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-14] (Adobe Inc. -> Adobe)
Task: {EF43AF7F-5E29-457A-BBF5-D18F7D16EC5A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCD881F4-F2B4-40F7-A2B8-E9E30E8D3978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-09] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D93A623-DC57-476A-A086-3E85E64CB79D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{99CDAB89-41AD-4E9D-B019-09A1C00B4DDA}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582494831&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=132023802582797841&GUID=B557F50C-1250-400C-ACD1-A95B3DDA787B
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-688974935-4124263328-645016171-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: pecg5pgj.default
FF ProfilePath: C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default [2019-12-14]
FF NetworkProxy: Mozilla\Firefox\Profiles\pecg5pgj.default -> autoconfig_url", "data:text/javascript,var%20_http_map%20%3D%20%7B%0A%20%20'white'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%5D%0A%20%20%7D%2C%0A%20%20'proxy'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5B%5E%2F%5D*%5C.cupid%5C.iqiyi%5C.com%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5B%5E%2F%5D*%5C.dpool%5C.sina%5C.com%5C.cn%5C%2Fiplookup%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'v.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fv_show%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'play.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplay%5C%2Fget%5C.json%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.tudou.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fa%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fv%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Foutplay%5C%2Fgoto%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Ftvp%5C%2Falist%5C.action%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fprograms%5C%2Fview%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Falbumplay%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Flistplay%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20's.plcloud.music.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fp%5C.fcg%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'i.y.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fs%5C.plcloud%5C%2Ffcgi%5C-bin%5C%2Fp%5C.fcg%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'hot.vrs.sohu.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'live.tv.sohu.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Flive%5C%2Fplayer%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pad.tv.sohu.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'my.tv.sohu.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplay%5C%2Fm3u8version%5C.do%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'hot.vrs.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.le.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fmms%5C%2Fout%5C%2Fvideo%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'data.video.qiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fv%5C.%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fvideos%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2F.*%5C%2Fvideos%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'cache.video.qiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fvms%5C%3F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fvp%5C%2F.*%5C%2F.*%5C%2F%5C%3Fsrc%3D%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fvps%5C%3F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fliven%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'cache.vip.qiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fvms%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'iplocation.geo.qiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fcityjson%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'v.api.hunantv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2Fvideo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'mobile.api.hunantv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fv5%5C%2Fvideo%5C%2FgetSource%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'v.api.mgtv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2Fvideo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'acc.music.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbase%5C%2Ffcgi%5C-bin%5C%2Fgetsession%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.appsdk.soku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fd%5C%2Fs%5C%3Fkeyword%3D%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fu%5C%2Fs%5C%3Fkeyword%3D%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'app.bilibili.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbangumi%5C%2Fuser_season_status%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'bangumi.bilibili.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'122.72.82.31'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vv.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetinfo%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fgeturl%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'tt.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ice.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'tjsa.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'a10.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'xyy.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vcq.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vsh.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vbj.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'bobo.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'flvs.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'bkvv.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgetvinfo%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'info.zb.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'info.zb.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'qzs.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ftencentvideo_v1%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ac.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2FComic%5C%2FcomicInfo%5C%2Fid%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2FComicView%5C%2Findex%5C%2Fid%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2FJump%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'dispatcher.video.sina.com.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'geo.js.kankan.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'web-play.pptv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'web-play.pplive.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'tools.aplusapi.pptv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fget_ppi%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'live.pptv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%5C%2Fsubject_list%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'dyn.ugc.pps.tv'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'v.pps.tv'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fugc%5C%2Fajax%5C%2Faj_html5_url%5C.php%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'inner.kandian.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ipservice.163.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'so.open.163.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fopen%5C%2Finfo%5C.htm%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'zb.s.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ip.kankan.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vxml.56.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fjson%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'music.sina.com.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fyueku%5C%2Fintro%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fradio%5C%2Fport%5C%2FwebFeatureRadioLimitList%5C.php%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'play.baidu.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fdata%5C%2Fmusic%5C%2Fsonglink%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'v.iask.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fv_play%5C.php%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fv_play_ipad%5C.cx%5C.php%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'tv.weibo.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'wtv.v.iask.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F.*%5C.m3u8%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fmcdn%5C.php%24%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fplayer%5C%2Fovs1_idc_list%5C.php%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'video.sina.com.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Finterface%5C%2Fl%5C%2Fu%5C%2FgetFocusStatus%5C.php%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.yinyuetai.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Finsite%5C%2F%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fmain%5C%2Fget%5C-%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.xiami.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fplay%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.kugou.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Finterface%5C%2Fgeoip%5C%2Fcheckip%5C.php%24%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.kuwo.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fyy%5C%2FPlayCheckIp%5C%3Fcallback%3DcheckIpCallback%26_%3D%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'antiserver.kuwo.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fanti%5C.s%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fstreamblock%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fmms%5C%2Fout%5C%2Fvideo%5C%2Fplay%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fmms%5C%2Fout%5C%2Fcommon%5C%2Fgeturl%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fgeturl%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%5C%2Fgeturl%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.www.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fmms%5C%2Fout%5C%2Fvideo%5C%2FplayJson%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'st.live.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Flive%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'live.gslb.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgslb%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'live.g3proxy.lecloud.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fgslb%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'api.live.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fcrossdomain%5C.xml%24%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'static.itv.letv.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'ip.apps.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fjs%5C%2Fplayer%5C.do%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vdn.apps.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi%5C%2Fget%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vdn.live.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv5%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv6%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdcctv8%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fapi2%5C%2FliveHtml5%5C.do%5C%3Fchannel%3Dpa%3A%5C%2F%5C%2Fcctv_p2p_hdbtv6%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'vip.sports.cntv.cn'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fcheck%5C.do%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fplay%5C.do%2Fi%2C%0A%20%20%20%20%20%20%2F%5E%5C%2Fservlets%5C%2Fencryptvideopath%5C.do%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'211.151.157.15'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fshow_page%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.soku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fsearch_video%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'douban.fm'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'lixian.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'lixian.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'dynamic.cloud.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'cloud.vip.xunlei.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'www.iqiyi.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fdongman%5C%2F%24%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.105'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.119'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.146'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'36.110.222.156'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.6'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.101'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.102'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.103'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.157'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.125.89.159'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.126.32.134'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.75'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.76'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.77'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'123.59.122.104'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.36'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.37'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.38'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.61'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.62'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.163'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.164'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.208.166'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.145'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.146'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.147'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.148'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.129'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.130'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'111.206.211.131'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'220.181.153.113'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.32'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.26'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.25'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'14.152.77.22'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.22'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.21'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.25'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'183.232.229.32'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.51'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.50'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.54'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.53'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.200.52'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.63.51'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'115.182.63.93'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.youku.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbuy%5C%2Fredirect%5C.html%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.tudou.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fbuy%5C%2Fredirect%5C.html%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'aid.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fuserip%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'aidbak.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fuserip%5C%3F%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'pay.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fpaylimit%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'paybak.video.qq.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Ffcgi%5C-bin%5C%2Fpaylimit%2Fi%0A%20%20%20%20%5D%2C%0A%20%20%20%20'chrome.2345.com'%3A%20%5B%0A%20%20%20%20%20%20%2F%5E%5C%2Fdianhua%5C%2Findex%5C.php%5C%3Fm%3Dcall%26f%3Dcheck%26%2Fi%0A%20%20%20%20%5D%0A%20%20%7D%0A%7D%3B%0Avar%20_https_map%20%3D%20%7B%0A%20%20'white'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%5D%0A%20%20%7D%2C%0A%20%20'proxy'%3A%20%7B%0A%20%20%20%20'any'%3A%20%5B%5D%0A%20%20%7D%0A%7D%3B%0Avar%20_proxy_str%20%3D%20'HTTPS%20secure.uku.im%3A993%3B%20HTTPS%20proxy.mainland.io%3A993%3B%20DIRECT%3B'%3B%0A%0Afunction%20_check_regex_list(regex_list%2C%20str)%20%7B%0A%20%20var%20i%3B%0A%20%20for%20(i%20%3D%200%3B%20i%20%3C%20regex_list.length%3B%20i%2B%2B)%0A%20%20%20%20if%20(regex_list%5Bi%5D.test(str))%0A%20%20%20%20%20%20return%20true%3B%0A%20%20return%20false%3B%0A%7D%0A%0Afunction%20_check_patterns(patterns%2C%20hostname%2C%20full_url%2C%20prot_len)%20%7B%0A%20%20if%20(patterns.hasOwnProperty(hostname))%0A%20%20%20%20if%20(_check_regex_list(patterns%5Bhostname%5D%2C%0A%20%20%20%20%20%20%20%20full_url.slice(prot_len%20%2B%20hostname.length)))%0A%20%20%20%20%20%20return%20true%3B%0A%20%20if%20(_check_regex_list(patterns.any%2C%0A%20%20%20%20%20%20full_url.slice(prot_len)))%0A%20%20%20%20return%20true%3B%0A%20%20return%20false%3B%0A%7D%0A%0Afunction%20_find_proxy(url_map%2C%20host%2C%20url%2C%20prot_len)%20%7B%0A%20%20if%20(_check_patterns(url_map.white%2C%20host%2C%20url%2C%20prot_len))%0A%20%20%20%20%20%20return%20'DIRECT'%3B%0A%20%20if%20(_check_patterns(url_map.proxy%2C%20host%2C%20url%2C%20prot_len))%0A%20%20%20%20return%20_proxy_str%3B%0A%20%20return%20'DIRECT'%3B%0A%7D%0A%0Afunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%20%20var%20prot%20%3D%20url.slice(0%2C%206)%3B%0A%20%20if%20(prot%20%3D%3D%3D%20'http%3A%2F')%0A%20%20%20%20return%20_find_proxy(_http_map%2C%20host%2C%20url%2C%207)%3B%0A%20%20else%20if%20(prot%20%3D%3D%3D%20'https%3A')%0A%20%20%20%20return%20_find_proxy(_https_map%2C%20host%2C%20url%2C%208)%3B%0A%20%20return%20'DIRECT'%3B%0A%7D%0A"
FF Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\
[email protected] [2016-03-08] [Legacy]
FF Extension: (Search Manager) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23} [2019-12-14] [hxxps://qupotomu.com/update?x=restype=ffjson]
FF Extension: (Adblock Plus) - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-25] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-14] (Adobe Inc. -> )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @citrixonline.com/appdetectorplugin -> C:\Users\TingTing\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online -> Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Notifications: Default -> hxxps://voice.google.com
CHR Profile: C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR Extension: (Google Drive) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-15]
CHR Extension: (Sketchpad) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-12-27]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2015-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-04-10]
CHR Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2019-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-15]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TingTing\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-04-06]
CHR HKU\S-1-5-21-688974935-4124263328-645016171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink Corp. -> CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-12-04] (Dropbox, Inc -> Dropbox, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Techporch Incorporated -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [143664 2015-11-24] (Samsung Electronics CO., LTD. -> )
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (Dell Inc. -> SoftThinks SAS)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S2 TBSecSvc; "C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe" [X]
S2 wwbizsrv; "C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdiommu; C:\windows\System32\drivers\amdkiomd.sys [76800 2014-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 atc; C:\windows\System32\DRIVERS\atc.sys [1693368 2019-09-23] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
S3 bcmfn2; C:\windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [739024 2019-11-13] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellProf; C:\windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 edrsensor; C:\windows\System32\DRIVERS\edrsensor.sys [309144 2019-10-30] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [564136 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\windows\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 iaLPSS_GPIO; C:\windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\windows\system32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [3667424 2013-10-14] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 SynRMIHID; C:\windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\windows\System32\drivers\trufos.sys [637112 2019-10-22] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-03-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 noerefua; \??\C:\windows\system32\drivers\noerefua.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-15 14:04 - 2019-12-15 14:36 - 000058392 _____ C:\Users\TingTing\Downloads\FRST.txt
2019-12-15 14:01 - 2019-12-15 14:31 - 000000000 ____D C:\FRST
2019-12-15 14:00 - 2019-12-15 14:00 - 002264064 _____ (Farbar) C:\Users\TingTing\Downloads\FRST64.exe
2019-12-15 13:01 - 2019-12-15 13:01 - 000075180 _____ C:\ProgramData\agent.update.1576432854.bdinstall.v2.bin
2019-12-15 01:37 - 2019-12-15 01:37 - 000000000 ____D C:\ProgramData\dbg
2019-12-15 01:32 - 2019-12-15 01:32 - 000001137 _____ C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-12-15 01:32 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\windows\system32\Drivers\bdelam.sys
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000001152 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-12-15 01:30 - 2019-12-15 01:30 - 000000000 ____D C:\ProgramData\Bitdefender
2019-12-15 01:30 - 2019-10-30 08:45 - 000309144 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\edrsensor.sys
2019-12-15 01:30 - 2019-10-22 12:38 - 000637112 _____ (Bitdefender) C:\windows\system32\Drivers\trufos.sys
2019-12-15 01:30 - 2018-11-28 05:45 - 000188384 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2019-12-15 01:29 - 2019-11-18 19:08 - 000564136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\gemma.sys
2019-12-15 01:29 - 2019-11-13 17:32 - 000739024 _____ (Bitdefender) C:\windows\system32\Drivers\bddci.sys
2019-12-15 01:29 - 2019-09-23 09:43 - 001693368 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\atc.sys
2019-12-15 01:15 - 2019-12-15 14:41 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-12-15 01:15 - 2019-12-15 13:03 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-12-15 01:13 - 2019-12-15 13:01 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-12-15 01:13 - 2019-12-15 01:13 - 010527368 _____ C:\Users\TingTing\Downloads\bitdefender_online.exe
2019-12-15 01:13 - 2019-12-15 01:13 - 000103340 _____ C:\ProgramData\agent.1576390404.bdinstall.v2.bin
2019-12-15 01:13 - 2019-12-15 01:13 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-12-15 00:28 - 2019-12-15 00:28 - 000000000 ____D C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0
2019-12-15 00:26 - 2019-12-15 00:26 - 006705178 _____ C:\Users\TingTing\Downloads\mbam-chameleon-3.1.33.0.zip
2019-12-15 00:24 - 2019-12-15 00:25 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523 (1).exe
2019-12-14 23:37 - 2019-12-14 23:38 - 161071328 _____ (Malwarebytes) C:\Users\TingTing\Downloads\MBSetup-100523.100523.exe
2019-12-14 19:35 - 2019-12-14 19:35 - 000000000 ____D C:\Users\TingTing\AppData\Local\cache
2019-12-14 19:31 - 2019-12-14 19:31 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbamtray
2019-12-11 22:23 - 2019-12-11 22:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\mbam
2019-12-11 22:21 - 2019-12-11 22:21 - 000000000 ____D C:\ProgramData\MB2Migration
2019-12-11 21:46 - 2019-12-11 21:46 - 000000000 ____D C:\ProgramData\UniqueId
2019-12-11 21:43 - 2019-12-11 21:43 - 000000000 ____D C:\windows\SysWOW64\htqs
2019-12-11 21:42 - 2019-12-11 21:42 - 000000300 _____ C:\Users\TingTing\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2019-12-11 21:33 - 2019-12-11 21:33 - 000000000 ____D C:\ProgramData\ByteFence
2019-12-11 21:28 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\Nox_share
2019-12-11 21:27 - 2019-12-11 21:28 - 000000000 ____D C:\Users\TingTing\vmlogs
2019-12-11 21:26 - 2019-12-11 23:23 - 000000000 ____D C:\Users\TingTing\AppData\Local\chromium
2019-12-11 21:26 - 2019-12-11 21:44 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-12-11 21:25 - 2019-12-11 21:43 - 000000000 ____D C:\Program Files (x86)\Nox
2019-12-11 21:22 - 2019-12-14 23:55 - 000000000 ____D C:\Users\TingTing\AppData\Local\Nox
2019-12-11 21:09 - 2019-12-11 21:09 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com (1).apk
2019-12-11 21:08 - 2019-12-11 21:08 - 010315858 _____ C:\Users\TingTing\Downloads\jingkankna1.9.8_2265.com.apk
2019-12-11 20:05 - 2019-12-11 21:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\BlueStacks
2019-12-11 20:05 - 2019-12-11 20:07 - 000000000 ____D C:\Users\Public\BlueStacks
2019-12-06 19:57 - 2019-12-06 19:57 - 000920635 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (2).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920634 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-17 (1).pdf
2019-12-06 19:56 - 2019-12-06 19:56 - 000920532 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-17 (1).pdf
2019-12-06 19:53 - 2019-12-06 19:53 - 000915618 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-10-05.pdf
2019-12-06 19:50 - 2019-12-06 19:50 - 000915393 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-09-05.pdf
2019-12-06 19:47 - 2019-12-06 19:47 - 000914738 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05 (1).pdf
2019-12-06 19:34 - 2019-12-06 19:34 - 000914979 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-08-05.pdf
2019-12-06 19:33 - 2019-12-06 19:33 - 000914892 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-07-05.pdf
2019-12-06 19:16 - 2019-12-06 19:16 - 000914650 _____ C:\Users\TingTing\Downloads\View PDF Statement_2018-12-05 (1).pdf
2019-12-06 19:14 - 2019-12-06 19:14 - 000914759 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05 (1).pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000920071 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-02-05.pdf
2019-12-06 19:13 - 2019-12-06 19:13 - 000914862 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-01-05.pdf
2019-12-06 19:09 - 2019-12-06 19:09 - 000914850 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-12-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05.pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914805 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-04-05 (1).pdf
2019-12-06 19:02 - 2019-12-06 19:02 - 000914765 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-03-05.pdf
2019-12-06 19:00 - 2019-12-06 19:00 - 000915508 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-06-05.pdf
2019-12-06 18:59 - 2019-12-06 18:59 - 000914737 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-05-05.pdf
2019-12-06 16:46 - 2019-12-06 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-12-04 20:23 - 2019-12-04 20:23 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2019-12-04 20:23 - 2019-12-04 20:23 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2019-12-03 01:55 - 2019-12-03 01:55 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310 (1).pdf
2019-12-03 01:54 - 2019-12-03 01:54 - 000285878 _____ C:\Users\TingTing\Downloads\120213132301308309.pdf
2019-12-03 01:52 - 2019-12-03 01:52 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311 (1).pdf
2019-12-03 01:29 - 2019-12-03 01:29 - 000038833 _____ C:\Users\TingTing\Downloads\120213132301308310.pdf
2019-12-02 23:47 - 2019-12-02 23:47 - 000174772 _____ C:\Users\TingTing\Downloads\120213132301308311.pdf
2019-11-28 01:37 - 2019-11-28 01:37 - 000920367 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-11-17.pdf
2019-11-21 20:06 - 2019-11-21 20:06 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814 (1).mov
2019-11-17 22:09 - 2019-11-17 22:09 - 006127856 _____ C:\Users\TingTing\Downloads\IMG_2814.mov
2019-11-15 18:20 - 2019-11-15 18:20 - 000915661 _____ C:\Users\TingTing\Downloads\View PDF Statement_2019-11-05.pdf
2019-11-15 16:24 - 2019-10-27 22:20 - 000121040 _____ (Microsoft Corporation) C:\windows\system32\userenv.dll
2019-11-15 16:24 - 2019-10-27 21:40 - 000098296 _____ (Microsoft Corporation) C:\windows\SysWOW64\userenv.dll
2019-11-15 16:24 - 2019-10-25 02:54 - 001208320 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2019-11-15 16:24 - 2019-10-23 23:07 - 025753088 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-11-15 16:24 - 2019-10-23 22:43 - 002910720 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-11-15 16:24 - 2019-10-23 22:41 - 000580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-11-15 16:24 - 2019-10-23 22:30 - 000797184 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-11-15 16:24 - 2019-10-23 22:29 - 005500928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-11-15 16:24 - 2019-10-23 22:23 - 020290048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-11-15 16:24 - 2019-10-23 22:08 - 000496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-11-15 16:24 - 2019-10-23 22:04 - 002304000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-11-15 16:24 - 2019-10-23 22:01 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2019-11-15 16:24 - 2019-10-23 21:58 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-11-15 16:24 - 2019-10-23 21:55 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-11-15 16:24 - 2019-10-23 21:53 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-11-15 16:24 - 2019-10-23 21:53 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-11-15 16:24 - 2019-10-23 21:53 - 000381952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-11-15 16:24 - 2019-10-23 21:51 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-11-15 16:24 - 2019-10-23 21:47 - 015445504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-11-15 16:24 - 2019-10-23 21:39 - 004859392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-11-15 16:24 - 2019-10-23 21:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2019-11-15 16:24 - 2019-10-23 21:35 - 004112384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-11-15 16:24 - 2019-10-23 21:33 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-11-15 16:24 - 2019-10-23 21:32 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-11-15 16:24 - 2019-10-23 21:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-11-15 16:24 - 2019-10-23 21:32 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-11-15 16:24 - 2019-10-23 21:28 - 001566720 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-11-15 16:24 - 2019-10-23 21:27 - 013838336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-11-15 16:24 - 2019-10-23 21:17 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-11-15 16:24 - 2019-10-23 21:13 - 004387840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-11-15 16:24 - 2019-10-23 21:10 - 001331712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-11-15 16:24 - 2019-10-23 21:09 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-11-15 16:24 - 2019-10-21 23:29 - 001541352 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2019-11-15 16:24 - 2019-10-21 19:42 - 001376768 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2019-11-15 16:24 - 2019-10-16 21:43 - 001368800 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-11-15 16:24 - 2019-10-16 19:53 - 001085440 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-11-15 16:24 - 2019-10-15 04:03 - 001311768 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-11-15 16:24 - 2019-10-15 01:15 - 007363536 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-11-15 16:24 - 2019-10-15 00:55 - 001308256 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-11-15 16:24 - 2019-10-15 00:54 - 000355576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2019-11-15 16:24 - 2019-10-14 22:48 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-11-15 16:24 - 2019-10-14 22:24 - 000129024 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2019-11-15 16:24 - 2019-10-14 22:08 - 001040384 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-11-15 16:24 - 2019-10-14 21:56 - 001994240 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2019-11-15 16:24 - 2019-10-14 21:47 - 001384960 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2019-11-15 16:24 - 2019-10-14 21:28 - 001560064 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2019-11-15 16:24 - 2019-10-14 21:27 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-11-15 16:24 - 2019-10-14 21:17 - 000827392 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2019-11-15 16:24 - 2019-10-11 11:29 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\upnpcont.exe
2019-11-15 16:24 - 2019-10-11 11:17 - 000067584 _____ (Microsoft Corporation) C:\windows\system32\udhisapi.dll
2019-11-15 16:24 - 2019-10-11 10:45 - 000022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\upnpcont.exe
2019-11-15 16:24 - 2019-10-11 10:37 - 000058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\udhisapi.dll
2019-11-15 16:24 - 2019-10-11 10:17 - 000458752 _____ (Microsoft Corporation) C:\windows\system32\upnphost.dll
2019-11-15 16:24 - 2019-10-11 09:59 - 000332288 _____ (Microsoft Corporation) C:\windows\SysWOW64\upnphost.dll
2019-11-15 16:24 - 2019-10-10 23:53 - 000430840 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-11-15 16:24 - 2019-10-10 22:56 - 000320248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-11-15 16:24 - 2019-10-10 21:36 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-11-15 16:24 - 2019-10-10 21:08 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-11-15 16:24 - 2019-10-10 21:02 - 000840704 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2019-11-15 16:24 - 2019-10-10 20:44 - 000697344 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2019-11-15 16:24 - 2019-10-10 20:28 - 000605184 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2019-11-15 16:24 - 2019-10-10 20:23 - 000565760 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2019-11-15 16:24 - 2019-10-10 17:35 - 000374000 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2019-11-15 16:24 - 2019-10-10 17:32 - 000316144 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2019-11-15 16:24 - 2019-10-10 11:20 - 000044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2019-11-15 16:24 - 2019-10-10 10:50 - 000035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2019-11-15 16:24 - 2019-10-09 14:38 - 000470256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2019-11-15 16:24 - 2019-10-09 08:35 - 000111616 _____ (Microsoft Corporation) C:\windows\system32\AxInstSv.dll
2019-11-15 16:24 - 2019-10-04 08:35 - 000929280 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2019-11-15 16:24 - 2019-10-04 08:18 - 001312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-11-15 16:24 - 2019-09-27 12:53 - 003325440 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-11-15 16:24 - 2019-09-27 11:52 - 002779648 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2019-11-15 16:24 - 2019-09-27 11:50 - 003619328 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-11-15 16:24 - 2019-09-27 11:07 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2019-11-15 16:24 - 2019-09-25 07:34 - 000162392 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2019-11-15 16:24 - 2019-09-24 23:18 - 002863104 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2019-11-15 16:24 - 2019-09-24 23:18 - 001717760 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000802816 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000738816 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000634368 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000456704 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000315904 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-11-15 16:24 - 2019-09-24 23:18 - 000257024 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2019-11-15 16:24 - 2019-09-19 01:21 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\setupcl.exe
2019-11-15 16:24 - 2019-09-19 01:11 - 000229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2019-11-15 16:24 - 2019-09-19 01:10 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\spopk.dll
2019-11-15 16:24 - 2019-09-19 01:00 - 000169472 _____ (Microsoft Corporation) C:\windows\system32\uxlib.dll
2019-11-15 16:24 - 2019-09-19 00:59 - 000246784 _____ (Microsoft Corporation) C:\windows\system32\unattend.dll
2019-11-15 16:24 - 2019-09-19 00:48 - 000475648 _____ (Microsoft Corporation) C:\windows\system32\spwizeng.dll
2019-11-15 16:24 - 2019-09-19 00:26 - 000848896 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2019-11-15 16:24 - 2019-09-19 00:20 - 000333312 _____ (Microsoft Corporation) C:\windows\system32\winsku.dll
2019-11-15 16:24 - 2019-09-19 00:16 - 000712192 _____ (Microsoft Corporation) C:\windows\system32\DismApi.dll
2019-11-15 16:24 - 2019-09-18 22:26 - 000469504 _____ (Microsoft Corporation) C:\windows\SysWOW64\DismApi.dll
2019-11-15 16:24 - 2019-09-18 22:26 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsku.dll
2019-11-15 16:24 - 2019-09-12 17:46 - 000017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\spopk.dll
2019-11-15 16:24 - 2019-09-12 17:36 - 000126464 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxlib.dll
2019-11-15 16:24 - 2019-09-12 17:25 - 000380928 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwizeng.dll
2019-11-15 16:24 - 2019-09-10 16:34 - 000354544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys
2019-11-15 16:24 - 2019-09-07 10:18 - 015441408 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2019-11-15 16:24 - 2019-09-07 10:09 - 013321728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2019-11-15 16:24 - 2019-09-06 08:17 - 000249856 _____ (Gracenote, Inc.) C:\windows\SysWOW64\gnsdk_fp.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-15 14:43 - 2016-04-06 17:56 - 000000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-12-15 14:31 - 2013-08-22 10:20 - 000000000 ____D C:\windows\CbsTemp
2019-12-15 14:00 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2019-12-15 13:55 - 2016-05-25 17:44 - 000000510 _____ C:\windows\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}.job
2019-12-15 13:22 - 2015-05-01 20:37 - 000000000 ____D C:\Users\TingTing\AppData\Local\AutoSoftware
2019-12-15 13:05 - 2014-12-09 11:39 - 000003594 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-1001
2019-12-15 13:02 - 2014-12-14 03:03 - 000000000 ___DO C:\Users\TingTing\OneDrive
2019-12-15 13:02 - 2014-12-03 13:28 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-12-15 13:00 - 2016-04-06 17:56 - 000000940 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-12-15 13:00 - 2014-12-03 13:29 - 000000000 ____D C:\Temp
2019-12-15 12:59 - 2014-12-09 11:32 - 000000000 ____D C:\Users\TingTing
2019-12-15 12:56 - 2013-08-22 09:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-12-15 12:54 - 2014-12-09 11:36 - 000003966 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{9A7551FE-9855-4686-A2BC-4B9D5579A332}
2019-12-15 12:52 - 2015-03-03 01:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-12-15 01:32 - 2013-08-22 10:36 - 000000000 ___HD C:\windows\ELAMBKUP
2019-12-15 01:17 - 2013-08-22 08:36 - 000000000 ____D C:\windows\Inf
2019-12-15 01:10 - 2018-06-19 18:58 - 000000000 ____D C:\Users\TingTing\AppData\Local\AVAST Software
2019-12-15 01:02 - 2013-08-22 09:44 - 005151896 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-15 00:59 - 2015-05-01 22:32 - 000140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2019-12-15 00:54 - 2013-08-22 08:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-12-15 00:21 - 2015-02-09 09:54 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-15 00:21 - 2015-02-09 09:54 - 000002277 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 23:57 - 2014-12-03 12:54 - 000866884 _____ C:\windows\system32\PerfStringBackup.INI
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2015-05-01 22:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-12-14 23:55 - 2014-12-16 01:54 - 000000000 ___SD C:\windows\system32\CompatTel
2019-12-14 23:55 - 2014-12-03 13:14 - 000000000 ___HD C:\windows\system32\WLANProfiles
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 __RSD C:\windows\Media
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\rescache
2019-12-14 23:55 - 2013-08-22 10:36 - 000000000 ____D C:\windows\PolicyDefinitions
2019-12-14 23:53 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-14 23:51 - 2013-08-22 10:36 - 000000000 ____D C:\windows\registration
2019-12-14 23:50 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Sysprep
2019-12-14 23:48 - 2015-05-01 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-14 23:47 - 2015-03-03 01:32 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-14 23:44 - 2015-03-03 01:32 - 000000000 __RHD C:\MSOCache
2019-12-14 23:17 - 2019-09-20 13:07 - 000000000 ____D C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2019-12-14 23:17 - 2019-09-20 13:06 - 000000000 ____D C:\Users\TingTing\AppData\Local\Vysor
2019-12-14 23:16 - 2015-05-21 06:45 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-14 23:15 - 2019-09-20 06:24 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2019-12-14 23:13 - 2014-12-09 11:41 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-14 23:10 - 2015-02-09 09:52 - 000003334 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 23:10 - 2015-02-09 09:52 - 000003206 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 23:05 - 2018-03-13 06:05 - 000004482 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-14 23:05 - 2014-12-14 03:50 - 000004288 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-12-14 23:05 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Macromed
2019-12-12 01:15 - 2016-11-16 14:34 - 000000000 ____D C:\Users\TingTing\Saved Documents
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-12-10 21:14 - 2019-10-01 15:55 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-12-08 23:25 - 2019-10-01 15:55 - 000003446 _____ C:\windows\system32\Tasks\AdobeGCInvoker-1.0
2019-12-08 23:25 - 2018-02-20 18:59 - 000003492 _____ C:\windows\system32\Tasks\Motorola Device Manager Update
2019-12-08 23:25 - 2018-02-20 18:59 - 000003300 _____ C:\windows\system32\Tasks\Motorola Device Manager Initial Update
2019-12-08 23:25 - 2017-09-25 02:47 - 000003314 _____ C:\windows\system32\Tasks\{F11E54FD-9E0C-40D2-B2BC-C39546927883}
2019-12-08 23:25 - 2016-05-25 17:44 - 000003578 _____ C:\windows\system32\Tasks\AliUpdater{6D476752-FA67-4F7A-AE78-088CF5BD18C8}
2019-12-08 23:25 - 2016-04-06 17:56 - 000003916 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineUA
2019-12-08 23:25 - 2016-04-06 17:56 - 000003680 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineCore
2019-12-08 23:25 - 2015-05-21 06:46 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-08 23:25 - 2015-04-23 16:32 - 000002990 _____ C:\windows\system32\Tasks\Synaptics TouchPad Enhancements
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLVDLauncher
2019-12-08 23:25 - 2014-12-03 13:22 - 000003160 _____ C:\windows\system32\Tasks\CLMLSvc_P2G8
2019-12-08 23:25 - 2014-12-03 12:53 - 000003592 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-500
2019-12-06 16:46 - 2016-04-06 17:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-12-06 03:26 - 2014-12-09 11:33 - 000000000 ____D C:\Users\TingTing\AppData\Local\Packages
2019-11-18 23:25 - 2014-12-16 01:54 - 000000000 ____D C:\windows\system32\appraiser
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Dism
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\oobe
2019-11-18 23:25 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Dism
2019-11-17 01:06 - 2014-12-12 14:02 - 000000000 ____D C:\windows\system32\MRT
2019-11-17 00:58 - 2014-12-12 14:02 - 128443096 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
==================== Files in the root of some directories ========
2018-10-03 14:04 - 2018-10-03 14:04 - 000000000 _____ () C:\Users\TingTing\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-12-06 04:33
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by TingTing (15-12-2019 14:50:56)
Running from C:\Users\TingTing\Downloads
Windows 8.1 (Update) (X64) (2014-12-09 16:33:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-688974935-4124263328-645016171-500 - Administrator - Disabled)
Guest (S-1-5-21-688974935-4124263328-645016171-501 - Limited - Disabled)
TingTing (S-1-5-21-688974935-4124263328-645016171-1001 - Administrator - Enabled) => C:\Users\TingTing
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.0.294 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.16.146 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Version: 2.3 - Bibliotheca)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 86.4.146 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.10 - NCH Software)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Premiere Pro (HKLM\...\{3DF5A448-80E1-43C1-8428-984429451989}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-12-09] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2016-04-01] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-21] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-06] (Microsoft Corporation) [MS Ad]
Windows Phone -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe [2016-09-21] (Microsoft Corporation)
阿里旺旺 -> C:\Program Files\WindowsApps\E1354D8C.Win8_1.0.0.122_x64__97d7ef5pp7jwp [2017-11-09] (淘宝(中国)软件有限公司)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\8.60.00C\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-08-19] (SoftThinks -> )
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_243.dll [2016-04-06] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\TingTing\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
==================== Loaded Modules (Whitelisted) =============
2014-04-07 09:31 - 2014-04-07 09:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-30 03:59 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2015-11-30 03:59 - 2013-03-08 01:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000523264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2014-02-26 10:11 - 2014-02-26 10:11 - 000297984 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2014-12-03 13:27 - 2014-12-03 13:27 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2014-12-03 13:27 - 2014-12-03 13:27 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\taobao.com -> hxxp://taobao.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2019-04-21 18:53 - 000000954 _____ C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
2019-09-07 21:43 - 2019-09-07 21:45 - 000000505 _____ C:\windows\system32\drivers\etc\hosts.ics
192.168.173.102 LGwebOSTV.mshome.net # 2019 9 0 15 2 45 27 275
192.168.173.1 WINDOWS-I6D372C.mshome.net # 2024 9 5 6 2 45 27 275
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "TouchFreeze"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_6107A7CB8A14159DCCA158AAEFDFA448"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "iCloudServices"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{49D90B04-64A3-41F6-A70F-ED16FF3D6CA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B68D3207-EC40-4C54-8C3B-718AE104F278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{BBCB6CD5-3509-42A8-9918-62BEE4209C94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1FE8FD99-83E6-4129-8773-5F20E308FAC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C4367F37-E76B-4941-8FC0-FC5CEED10BE8}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{6638E8B8-1036-4031-8B6F-650CAB70D1FD}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E31E9C85-873F-4D0C-83CE-FA94AA349B3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4089887D-33B8-4A2A-8A3C-C0F228BDBCDE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9BFF5F3-7122-4FF1-9CE1-AD76D141061A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{104D209A-8D3D-4132-9978-9CA7743B80F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66D9F0F6-5B44-4AE3-9356-9FD6DC569137}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{918F0954-EF53-41E1-80D8-BC191F503554}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{B13A5F35-12DA-4A0F-B000-208E6A10DE80}] => (Allow) LPort=1689
FirewallRules: [{0B0F34E3-5368-4608-BD47-EF1D1A093D52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EF7C036-CDF7-44C6-B577-B03AF114B31A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18F36E45-D382-49E5-A899-5AA417770778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4ED90D7-9406-4B73-9EFF-EF740F6B22DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF2716B0-FD60-4384-9B9B-E6819DBFEBE0}] => (Allow) C:\windows\downloader.exe No File
FirewallRules: [TCP Query User{74B7F942-FBE0-4230-93F8-476DD1E2C9AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{553C75ED-F846-4462-B18D-B0782772C64C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{693B36B2-FF91-457B-AD50-2C1B467BFCAF}] => (Allow) C:\windows\downloader.exe No File
FirewallRules: [{956A7DE6-C628-4A4C-8DDE-0150522EEB5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{F7E089A2-9916-4A34-816F-C795D515B5A7}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{45681DC8-8907-47A7-910D-D3668F26FB69}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{C18E7762-B9FC-4ACF-BBE9-E74A4705BED1}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe No File
FirewallRules: [{AFFB9AF7-2C9A-4AEF-8A9D-2D3288CC7BEC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{BFA314FA-CCB4-4054-89CF-29881ECBBA8C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe No File
FirewallRules: [{FCA6E85D-9087-4D55-B57D-5ED3EBBB0922}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{A80788E9-EF9B-4BFF-A898-A4E130211A8D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{79E13EB7-1031-4971-8AF8-39A787587685}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{7DE37AAF-2AE6-4B93-A127-D696D2E1FE69}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe No File
FirewallRules: [{24ADB8DA-9C1E-4F7B-A59F-F643752BC580}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{3B4E993C-0FF0-457B-BBBF-180F616E26E2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe No File
FirewallRules: [{9012D8B5-6223-4E39-972B-4D731725060A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{6BBFA05F-8294-43DF-AF55-939C70401380}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe No File
FirewallRules: [{88DC5A35-4978-44BC-9326-C5B034383470}] => (Allow) LPort=1689
FirewallRules: [{384983BB-5071-4C74-82CD-F4B4CF0EF961}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AF5BC9-97F1-4638-B737-05362A4E05D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{907E0216-27DB-407B-AE75-696DE11F8A54}] => (Allow) LPort=54925
FirewallRules: [{6DD70BA7-1083-469B-A766-604500BD643E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{42DC6C5E-AF62-4097-B6B8-296DE8C07163}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{11311FF4-7DE6-47F6-87B7-011FA26A5711}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [{A3D7C7C9-12F4-46E2-8B40-A70237FF9183}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe No File
FirewallRules: [{9D8C616E-441C-4251-9B5B-C031BFE6FDC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EA7E19AC-E0BF-48E1-8FEB-BE0B385BDA73}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE6EBDD5-24A0-44BE-9A89-4C3CB760BDEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84B667A0-7CD9-47CE-BFB7-8E926F66F69D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95326A45-F842-4689-B457-EBCD1C72EEE1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23E563BA-9FAD-4923-92A4-CFF19A24EF36}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1E87FD3B-A442-4A6C-AE0C-B3FFE8D52B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4891DB9-CE90-47C6-B12D-931B899D8AF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{576A8F9D-FB9E-4EA6-9D41-0DD6F9C42DF1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F127DE4B-845A-46D2-930B-7756F43E7BE1}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{53F55195-7D3B-4260-B3F3-1368A343F77F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{AD42F5F4-F3A5-46E3-9CFD-F26EDED5AC3F}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{32C3E2C5-C22F-479E-A797-E2439204088A}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{9391D705-A70F-4DC0-A416-7AE8A11ED497}] => (Allow) C:\Program Files (x86)\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{588F2F55-2701-4BC1-95C8-00DF7CA4AE50}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{286A4846-157D-4689-B11D-5C2079080FF6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD11D334-EEEE-4EEF-A300-527143F38446}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D181722F-FBA2-42D9-8D01-632D40ACAB8B}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{CB2F021C-B93B-4E86-8D85-D81C99103321}C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe] => (Block) C:\users\tingting\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0795448A-A114-4F79-8FD4-9F206F657D15}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{151C48F0-CAB9-4E41-B7FE-B0BD50141C44}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [{C967309A-0DF1-4868-83D9-82E2D65B6B07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{43C467D7-4CE2-429A-BD8F-4D919A9C2A47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
23-11-2019 19:14:31 Scheduled Checkpoint
30-11-2019 23:04:35 Scheduled Checkpoint
08-12-2019 23:42:27 Scheduled Checkpoint
11-12-2019 21:59:33 Removed WinZip 24.0.
14-12-2019 23:13:37 Removed LG United Mobile Drivers.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/15/2019 02:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dfc
Start Time: 01d5b37d97bc4272
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 8cb84ad8-1f71-11ea-8335-6057185e76ac
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/15/2019 02:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1190
Start Time: 01d5b37b6bab5c30
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 5c7283e4-1f6f-11ea-8335-6057185e76ac
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/15/2019 02:02:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1444
Start Time: 01d5b379637a1abc
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 58592bb1-1f6d-11ea-8335-6057185e76ac
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/15/2019 12:47:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: ContextualComm.dll, version: 1.0.16.145, time stamp: 0x5df134b5
Exception code: 0xc0000005
Fault offset: 0x00000000000052f3
Faulting process id: 0x884
Faulting application start time: 0x01d5b3105399ca6c
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: C:\Program Files\Bitdefender Antivirus Free\ContextualComm.dll
Report Id: ef841489-1f62-11ea-8334-6057185e76ac
Faulting package full name:
Faulting package-relative application ID:
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2609
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2609
Error: (12/15/2019 04:46:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/15/2019 04:45:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
System errors:
=============
Error: (12/15/2019 12:57:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wwbizsrv service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/15/2019 12:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBSecSvc service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/15/2019 12:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/15/2019 12:57:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/15/2019 12:57:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (12/15/2019 12:56:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:07:09 AM on 12/15/2019 was unexpected.
Error: (12/15/2019 01:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wwbizsrv service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/15/2019 01:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBSecSvc service failed to start due to the following error:
The system cannot find the file specified.
Windows Defender:
===================================
Date: 2015-04-22 13:28:05.791
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2015-04-22 13:23:20.424
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
CodeIntegrity:
===================================
Date: 2018-10-02 19:44:44.333
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:43.849
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:43.404
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:42.924
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:42.337
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:41.836
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:41.488
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-10-02 19:44:41.105
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Dell Inc. A07 01/23/2015
Motherboard: Dell Inc. 0598GM
Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 12168.96 MB
Available physical RAM: 6052.91 MB
Total Virtual: 19592.96 MB
Available Virtual: 13194.75 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:921.48 GB) (Free:578.55 GB) NTFS
Drive d: (The Sims 4 City Living) (CDROM) (Total:18.56 GB) (Free:0 GB) UDF
\\?\Volume{f8349059-91f3-41a1-a3a9-aa990f6a5539}\ (WINRETOOLS) (Fixed) (Total:1 GB) (Free:0.67 GB) NTFS
\\?\Volume{75a2b2bc-6d13-4e6b-81ec-52364e5e5b9e}\ (PBR Image) (Fixed) (Total:8.42 GB) (Free:0.74 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05FA846C)
Partition: GPT.
==================== End of Addition.txt =======================