weilunt0219

Members • Posts: 14
Everything posted by weilunt0219

  1. Hi Mr Charlie, Thank you for all your help, but within these last two days, my cousin had come to America and is looking to stay. He was also looking for a computer to game on and I sold him my laptop. Thank you so much for sticking with me though.
  2. Lol, I have tried installing that as well. It also insists another application is using it and refuses to make changes.
  3. I have tried in safe-mode as well... Honestly, thanks to that video, I think my antivirus might be the cause of it. I'll keep you in touch about what I find there. Unfortunately, there is no "file exclusion" option with "WebRoot" so I'll snoop around for something else.
  4. HOSTS permissions reset did not work... and the video assumed that I used Windows Defender, which I do not. When I clicked into Windows Defender, it said it was disabled because I had another antivirus monitoring my computer. In light of this, I humored myself and tried disabling my antivirus "WebRoot" to see if it worked, but the host file still will not edit or be replaced because it says some other process is using it.
  5. Thank you, but I've tried that as well, only it won't replace either.
  6. I have run a scan with Malwarebytes, and just now I have downloaded and run the fixlist you gave me. Here's the new fixlog Fixlog.txt
  7. Thank you MrCharlie, I have finished doing as I was told, and everything that was required in the post are also attached. Fixlog.txt FRST.txt Addition.txt AdwCleanerS0.txt JRT.txt
  8. Hi there, Recently, I had just received help in solving some malware issues that went undetected by my antivirus, Malwarebytes, hitman pro, and adware cleaner. I was very satisfied with the help I have received. Now, I decided since I got such excellent help, I would also ask if someone would check out my laptop as well. It has been doing this for some time now, but I usually just ignore it. I cannot edit my HOSTS file because whenever I try to save it, it says that another program is using it. The internet suggests that I might have spyware or malware locking it. Also, my trackpad makes the windows error sound every time I try to make a two finger scroll. Could this truly be something to do with malware? I thank everyone for taking their time to help me. Garfield Addition.txt FRST.txt
  9. Thank you so much TwinHeadedEagle I will certainly take measures to be safer in the future!
  10. So far, the usually aggressive ads have disappeared from my webpages! Which is definitely a good sign, and I thank you TwinHeadedEagle! The reason I remain skeptical is only because when I tried to solve the issue myself, the ads always disappeared for a day or two before coming back. As of currently though, I do not have any ads and I appreciate your help!
  11. Also (sorry... I don't see an edit button for my posts) I forgot to mention that I have also just reinstalled Google Chrome.
  12. Alright, TwinHeadedEagle, here's the fixlog Fixlog.txt
  13. Thank you for your quick reply TwinHeadedEagle, I've attached the new files. Addition.txt FRST.txt
  14. Hello Malwarebytes, I would like to start off by saying I love your work. I'm new to the forums so I haven't had a chance to express that. Unfortunately, this is not my first run-in with adware problems, but I have always used your helpful guides to quickly and efficiently remove the spam! Today does not seem to be the case though. I had downloaded a few of my files off a filesharing site... regrettably, I had forgotten to uncheck the box labeled, "Download with our download manager" or something to that extent. Before I knew it, the thing was installing (as I had it set to autorun downloads) and I couldn't stop the installation from installing a bunch of crap to my computer on time. The first appearance of the adware was called, "Red Adblocker" and despite its name, has been putting ads on web pages that originally do not have ads. I uninstalled all the applications I thought to be part of the problem, reset Google Chrome, then ran Hitmanpro, Adware Cleaner, and Malwarebytes, but to no avail. "Red Adblocker" still persisted to create ads and I had given up and ignored it at this point. Now, "Red Adblocker" seems to have been replaced with a more aggressive adware called, "AdFreeApp." I need help to remove this, there doesn't seem to be an extension in Chrome, but the ads keep popping up, there are no apps installed anymore that I do not trust, Hitmanpro, Adware Cleaner, and Malwarebytes no longer detect anything, and the problem is still there. I cannot factory reset this computer either... Can I get some help?
Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2005 Premier Partner Edition - CHS (HKLM\...\{A96609C2-BEF7-49FA-B743-CEE6A4D81435}) (Version: 8.0.50728 - Microsoft Corporation)Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 Service Pack 1 (KB926604) (HKLM\...\KB926604.T2_160ToU263_160) (Version: 1 - Microsoft Corporation)Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Premium - ENU (HKLM\...\Microsoft Visual Studio 2010 Premium - ENU) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)QQ输入法纯净版1.2 (HKLM\...\QQ输入法纯净版) (Version: 1.2 - 腾讯公司)Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)Service Pack 3 for SQL Server 2008 (KB2546951) 
(HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)Should I Remove It (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) HiddenSkype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)Skype(TM) 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)SQL Server Analysis Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_OLAP9) (Version: 9.4.5000 - Microsoft Corporation)Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) HiddenSQL Server Database Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_SQL9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Integration Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_DTS9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Notification Services 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_NS9) (Version: 9.4.5000 - Microsoft Corporation)SQL Server Tools and Workstation Components 2005 Service Pack 4 CHS (KB2463332) (HKLM\...\KB2463332_SQLTools9) (Version: 9.4.5000 - Microsoft Corporation)SQLXML4 (HKLM\...\{A3561A1B-C233-4D59-ACC3-8A7AAC9C3618}) (Version: 9.00.5000.00 - Microsoft Corporation)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTencent QQMail Plugin (HKLM\...\QQMailPlugin) (Version: - )UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version: - )Unity Web Player (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft 
Corporation)Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.0.64 - Webroot)Windows Driver Package - Atheros Communications Inc. (athr) Net (08/25/2013 10.0.0.263) (HKLM\...\6FEFE5F09E19F74D9333681CD0D0E0D8FBB90720) (Version: 08/25/2013 10.0.0.263 - Atheros Communications Inc.)Windows Driver Package - Realtek (RSUSBSTOR) USB (11/21/2013 6.2.9600.30171) (HKLM\...\22741B5A0738796D11506334EFBD44BCED3BD680) (Version: 11/21/2013 6.2.9600.30171 - Realtek)WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)搜狗壁纸 (HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\...\SogouWallPaper) (Version: - Sogou.com)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Hotfix (KB2938803) (HKLM\...\KB2938803.T369_160ToU880_160) (Version: 1 - Microsoft Corporation)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Security Update (KB2251481) (HKLM\...\KB2251481.T369_160ToU865_160) (Version: 3 - Microsoft Corporation)用于 Microsoft Visual Studio 2005 首选合作伙伴版 - 简体中文 的 Update (KB932230) (HKLM\...\KB932230.T369_160ToU407_160) (Version: 1 - Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Admin\AppData\Local\SogouExplorer\SogouExplorer.exe No FileCustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)CustomCLSID: HKU\S-1-5-21-1026416997-2916169332-1528636737-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)==================== Restore Points =========================18-06-2015 20:59:52 Windows Update18-06-2015 21:13:59 Checkpoint by HitmanPro19-06-2015 14:00:12 Windows Update23-06-2015 10:50:29 Windows Update29-06-2015 20:00:14 Installed Should I Remove It30-06-2015 10:14:12 Windows Update06-07-2015 10:18:52 Windows Update10-07-2015 10:22:11 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2015-06-13 14:13 - 2015-06-15 18:43 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {34449ED7-0447-413B-8BA5-452D68109CD7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)Task: {A2DBA70B-3AF7-40D6-A895-7D3A0FEF9B6A} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{a2f26df3-2857-0b34-a2f2-26df3285b7cc}\uiso9.6.2.rar.exe <==== ATTENTION==================== Loaded Modules (Whitelisted) ==============2015-03-31 19:00 - 2015-03-19 21:00 - 00414472 _____ () C:\Windows\system32\igfxTray.exe2013-03-13 18:50 - 2013-03-13 18:50 - 00034304 _____ () C:\Program Files\LD_POS\LDPos\LD_Common.dll2013-04-11 19:33 - 2013-04-11 19:33 - 00075264 _____ () C:\Program Files\LD_POS\LDPos\LD_BLL.dll2013-04-11 19:33 - 2013-04-11 19:33 - 00213504 _____ () C:\Program Files\LD_POS\LDPos\LD_DAL.dll2011-12-03 18:26 - 2011-12-03 18:26 - 00056832 _____ () C:\Program Files\LD_POS\LDPos\LD_Model.dll2014-08-20 11:33 - 2013-12-10 00:27 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll2015-05-25 13:35 - 2015-05-22 14:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll2015-05-25 13:35 - 2015-05-22 14:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll2015-05-25 13:35 - 2015-05-22 14:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1026416997-2916169332-1528636737-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\LocalLow\SogouWP\Net\WallPaper\1091938.jpgDNS Servers: 192.168.0.1 - 205.171.2.25==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AERTFilters => 2MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\startupreg: Bart Station => C:\Program Files\EarthLink\ISP\ISP8130\BIN\PPCOLink.exe -STATIONMSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"MSCONFIG\startupreg: Persistence => 
"C:\Windows\system32\igfxpers.exe"MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: winsogouqzgaoqing => "C:\Users\Admin\AppData\Roaming\SogouWP\Boot\winsogouqzgaoqing.exe" -a -SGWallPaperMSCONFIG\startupreg: **����)**�� => ==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (07/10/2015 02:32:53 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/07/2015 11:19:24 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/07/2015 11:19:23 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed 
for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2015 03:01:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2015 03:01:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2015 02:00:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2008 Database Engine Services - Update '{2D5199EF-6F61-44CA-A60D-CBAB801880F1}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (07/11/2015 12:58:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/11/2015 12:56:03 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 12:56:01 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 12:48:20 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 12:48:18 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 12:44:55 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 12:44:53 PM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 11:54:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/11/2015 11:52:14 AM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Error: (07/11/2015 11:52:12 AM) (Source: PCIESER) (EventID: 18) (User: )
Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

Microsoft Office:
=========================
Error: (07/10/2015 02:32:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\$Recycle.Bin\S-1-5-21-1026416997-2916169332-1528636737-1000\$R1ZAXSW.exe

Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\x64\msvsmon.exe

Error: (07/08/2015 12:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe

Error: (07/07/2015 11:19:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\x64\msvsmon.exe

Error: (07/07/2015 11:19:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe

Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\x64\msvsmon.exe

Error: (07/06/2015 10:39:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe

Error: (06/23/2015 03:01:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\x64\msvsmon.exe

Error: (06/23/2015 03:01:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe

Error: (06/19/2015 02:00:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft SQL Server 2008 Database Engine Services{2D5199EF-6F61-44CA-A60D-CBAB801880F1}1642(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3240 @ 3.10GHz
Percentage of memory in use: 46%
Total physical RAM: 3502.95 MB
Available physical RAM: 1882.01 MB
Total Virtual: 7004.2 MB
Available Virtual: 5089.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.84 GB) (Free:153.98 GB) NTFS
Drive d: () (Fixed) (Total:250.82 GB) (Free:248.5 GB) NTFS

==================== MBR & Partition Table ==========================================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C116EC83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)

==================== End of log ============================