AndersonC
  1. Hi Aura, I have a last question. Does Cerber version 4/5 1) encrypt the original files and leave them just like that, or 2) make a copy of the original files and encrypt the copies, then delete the original unencrypted files? I would be grateful if someone knows the definite answer to this.
  2. Thank you for your verification of my system's status. By the way, what are the things that appeared to be wrong in my system? If you could highlight them, perhaps I can try to fix them. Once again, thanks for your help!
  3. Hi Aura, sorry for the late reply. The following is my FRST.txt and Addition.txt:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
     Ran by Yu Zheng (administrator) on YUZHENG-PC (25-02-2017 03:53:53)
     Running from E:\
     Loaded Profiles: UpdatusUser & Yu Zheng (Available Profiles: UpdatusUser & Yu Zheng & Anderson)
     Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: IE)
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
     (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
     (Microsoft Corporation) C:\windows\System32\wlanext.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
     (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
     (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
     (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
     (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
     (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
     (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
     (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
     (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
     (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
     (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (Intel Corporation) C:\windows\System32\hkcmd.exe
     (Intel Corporation) C:\windows\System32\igfxpers.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
     (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
     () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
     (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
     (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (Egis inc.) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
     (Microsoft Corporation) C:\windows\System32\dllhost.exe
     (Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
     (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
     (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
     (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
     () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
     (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
     (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
     (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
     (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
     (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
     (Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
     (Microsoft Corporation) C:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Alm.Shared.Remoting.RemoteContainer\v4.0_12.0.0.0__b03f5f7f11d50a3a\Microsoft.Alm.Shared.Remoting.RemoteContainer.dll
     (Microsoft Corporation) C:\Program Files (x86)\MSBuild\12.0\Bin\MSBuild.exe
     (Microsoft Corporation) C:\Program Files (x86)\MSBuild\12.0\Bin\MSBuild.exe
     (Microsoft Corporation) C:\Users\Yu Zheng\Documents\Visual Studio 2013\Projects\SchoolCommentsBuilder\SchoolCommentsBuilder\bin\Release\SchoolCommentsBuilder.vshost.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft\IntelliTrace\12.0.0\IntelliTrace.exe

     ==================== Registry (Whitelisted) ====================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
     HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-21] (Synaptics Incorporated)
     HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-12-27] (Lenovo)
     HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-12-27] (Lenovo)
     HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2011-12-27] (Lenovo (Beijing) Limited)
     HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2011-12-27] (Lenovo(beijing) Limited)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
     HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2009-04-13] (Egis Incorporated)
     HKLM\...\Run: [New Value #1] => "ctfmon"="CTFMON.EXE"
     HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
     HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
     HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
     HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
     HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-12-27] (Lenovo)
     HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
     HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
     HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52392 2009-01-30] (Elaborate Bytes AG)
     HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
     HKLM-x32\...\Run: [Ninox Aurora mouse] => C:\Program Files (x86)\LBOTS Top Mouse\DareUMonitor.exe [495616 2013-12-28] ()
     HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
     HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: ** <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
     HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
     HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
     HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
     HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
     HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
     HKLM Group Policy restriction on
software: *.jpeg*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: 
%userprofile%\AppData\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.js <====== 
ATTENTION HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION HKLM Group Policy restriction on software: 
*.wma*.js <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-27] (Google Inc.) HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Run: [Power2GoExpress] => NA HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [5729136 2007-05-17] (Microsoft Corporation) HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Run: [BitTorrent] => C:\Users\Yu Zheng\AppData\Roaming\BitTorrent\BitTorrent.exe [1972232 2016-05-21] (BitTorrent Inc.) HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\MountPoints2: {7f29c7e9-9278-11e1-bed1-60d819ebe2f0} - H:\Windows\CHECK\DriveNavigator.exe HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\MountPoints2: {e5e6b698-c6dd-11e1-8337-005056c00008} - J:\autorun.exe HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-27] (Google Inc.) HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [5729136 2007-05-17] (Microsoft Corporation) HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [BitTorrent] => C:\Users\Yu Zheng\AppData\Roaming\BitTorrent\BitTorrent.exe [1972232 2016-05-21] (BitTorrent Inc.) 
HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe [771584 2013-11-25] (Oracle Corporation) HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation) HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-09-04] (Tonec Inc.) HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\MountPoints2: {e5e6b698-c6dd-11e1-8337-005056c00008} - J:\SETUP.EXE HKU\S-1-5-18\...\Run: [label] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\label.exe" HKU\S-1-5-18\...\Run: [rdrleakdiag] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rdrleakdiag.exe" HKU\S-1-5-18\...\Run: [mfpmp] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mfpmp.exe" HKU\S-1-5-18\...\Run: [NAPSTAT] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\NAPSTAT.EXE" HKU\S-1-5-18\...\Run: [msdt] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\msdt.exe" HKU\S-1-5-18\...\Run: [systeminfo] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\systeminfo.exe" HKU\S-1-5-18\...\Run: [mcbuilder] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mcbuilder.exe" HKU\S-1-5-18\...\Run: [doskey] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\doskey.exe" HKU\S-1-5-18\...\Run: [syskey] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\syskey.exe" HKU\S-1-5-18\...\Run: 
[rasdial] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rasdial.exe" HKU\S-1-5-18\...\Run: [ktmutil] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ktmutil.exe" HKU\S-1-5-18\...\Run: [fontview] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\fontview.exe" HKU\S-1-5-18\...\Run: [newdev] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\newdev.exe" HKU\S-1-5-18\...\Run: [mmc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mmc.exe" HKU\S-1-5-18\...\Run: [ndadmin] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ndadmin.exe" HKU\S-1-5-18\...\Run: [pcaui] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\pcaui.exe" HKU\S-1-5-18\...\Run: [cliconfg] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cliconfg.exe" HKU\S-1-5-18\...\Run: [fixmapi] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\fixmapi.exe" HKU\S-1-5-18\...\Run: [eventcreate] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\eventcreate.exe" HKU\S-1-5-18\...\Run: [TCPSVCS] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\TCPSVCS.EXE" HKU\S-1-5-18\...\Run: [HOSTNAME] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\HOSTNAME.EXE" HKU\S-1-5-18\...\Run: [UserAccountControlSettings] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\UserAccountControlSettings.exe" HKU\S-1-5-18\...\Run: [wecutil] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\wecutil.exe" HKU\S-1-5-18\...\Run: [icsunattend] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icsunattend.exe" HKU\S-1-5-18\...\Run: [shrpubw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\shrpubw.exe" HKU\S-1-5-18\...\Run: [forfiles] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\forfiles.exe" HKU\S-1-5-18\...\Run: [netbtugc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\netbtugc.exe" HKU\S-1-5-18\...\Run: [typeperf] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\typeperf.exe" HKU\S-1-5-18\...\Run: [Magnify] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\Magnify.exe" HKU\S-1-5-18\...\Run: [verclsid] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\verclsid.exe" HKU\S-1-5-18\...\Run: [unlodctr] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\unlodctr.exe" HKU\S-1-5-18\...\Run: [bitsadmin] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\bitsadmin.exe" HKU\S-1-5-18\...\Run: [mountvol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mountvol.exe" HKU\S-1-5-18\...\Run: [MRINFO] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\MRINFO.EXE" HKU\S-1-5-18\...\Run: [SndVol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\SndVol.exe" HKU\S-1-5-18\...\Run: [mshta] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mshta.exe" HKU\S-1-5-18\...\Run: [TapiUnattend] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\TapiUnattend.exe" HKU\S-1-5-18\...\Run: [esentutl] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\esentutl.exe" HKU\S-1-5-18\...\Run: [WSManHTTPConfig] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\WSManHTTPConfig.exe" HKU\S-1-5-18\...\Run: [dccw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dccw.exe" HKU\S-1-5-18\...\Run: [vmnat] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\vmnat.exe" HKU\S-1-5-18\...\Run: [sc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\sc.exe" HKU\S-1-5-18\...\Run: [icardagt] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icardagt.exe" HKU\S-1-5-18\...\Run: [chkdsk] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\chkdsk.exe" HKU\S-1-5-18\...\Run: [icacls] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icacls.exe" HKU\S-1-5-18\...\Run: [SearchIndexer] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\SearchIndexer.exe" HKU\S-1-5-18\...\Run: [whoami] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\whoami.exe" HKU\S-1-5-18\...\Run: [dfrgui] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dfrgui.exe" HKU\S-1-5-18\...\Run: [MuiUnattend] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\MuiUnattend.exe" HKU\S-1-5-18\...\Run: [cipher] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cipher.exe" HKU\S-1-5-18\...\Run: [rasautou] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rasautou.exe" HKU\S-1-5-18\...\Run: [lodctr] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\lodctr.exe" HKU\S-1-5-18\...\Run: [xpsrchvw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\xpsrchvw.exe" HKU\S-1-5-18\...\Run: [auditpol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\auditpol.exe" HKU\S-1-5-18\...\Run: [FlashPlayerApp] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\FlashPlayerApp.exe" HKU\S-1-5-18\...\Run: [charmap] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\charmap.exe" HKU\S-1-5-18\...\Run: [RunLegacyCPLElevated] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\RunLegacyCPLElevated.exe" HKU\S-1-5-18\...\Run: [poqexec] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\poqexec.exe" HKU\S-1-5-18\...\Run: [dialer] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dialer.exe" HKU\S-1-5-18\...\Run: [ctfmon] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ctfmon.exe" HKU\S-1-5-18\...\Run: [cacls] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cacls.exe" HKU\S-1-5-18\...\Run: [isoburn] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\isoburn.exe" HKU\S-1-5-18\...\RunOnce: [label] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\label.exe" HKU\S-1-5-18\...\RunOnce: [rdrleakdiag] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rdrleakdiag.exe" HKU\S-1-5-18\...\RunOnce: [mfpmp] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mfpmp.exe" HKU\S-1-5-18\...\RunOnce: [NAPSTAT] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\NAPSTAT.EXE" HKU\S-1-5-18\...\RunOnce: [msdt] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\msdt.exe" HKU\S-1-5-18\...\RunOnce: [systeminfo] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\systeminfo.exe" HKU\S-1-5-18\...\RunOnce: [mcbuilder] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mcbuilder.exe" HKU\S-1-5-18\...\RunOnce: [doskey] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\doskey.exe" HKU\S-1-5-18\...\RunOnce: [syskey] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\syskey.exe" HKU\S-1-5-18\...\RunOnce: [rasdial] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rasdial.exe" HKU\S-1-5-18\...\RunOnce: [ktmutil] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ktmutil.exe" HKU\S-1-5-18\...\RunOnce: [fontview] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\fontview.exe" HKU\S-1-5-18\...\RunOnce: [newdev] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\newdev.exe" HKU\S-1-5-18\...\RunOnce: [mmc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mmc.exe" HKU\S-1-5-18\...\RunOnce: [ndadmin] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ndadmin.exe" HKU\S-1-5-18\...\RunOnce: [pcaui] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\pcaui.exe" HKU\S-1-5-18\...\RunOnce: [cliconfg] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cliconfg.exe" HKU\S-1-5-18\...\RunOnce: [fixmapi] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\fixmapi.exe" HKU\S-1-5-18\...\RunOnce: [eventcreate] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\eventcreate.exe" HKU\S-1-5-18\...\RunOnce: [TCPSVCS] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\TCPSVCS.EXE" HKU\S-1-5-18\...\RunOnce: [HOSTNAME] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\HOSTNAME.EXE" HKU\S-1-5-18\...\RunOnce: [UserAccountControlSettings] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\UserAccountControlSettings.exe" HKU\S-1-5-18\...\RunOnce: [wecutil] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\wecutil.exe" HKU\S-1-5-18\...\RunOnce: [icsunattend] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icsunattend.exe" HKU\S-1-5-18\...\RunOnce: [shrpubw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\shrpubw.exe" HKU\S-1-5-18\...\RunOnce: [forfiles] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\forfiles.exe" HKU\S-1-5-18\...\RunOnce: [netbtugc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\netbtugc.exe" HKU\S-1-5-18\...\RunOnce: [typeperf] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\typeperf.exe" HKU\S-1-5-18\...\RunOnce: [Magnify] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\Magnify.exe" HKU\S-1-5-18\...\RunOnce: [verclsid] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\verclsid.exe" HKU\S-1-5-18\...\RunOnce: [unlodctr] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\unlodctr.exe" HKU\S-1-5-18\...\RunOnce: [bitsadmin] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\bitsadmin.exe" HKU\S-1-5-18\...\RunOnce: [mountvol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mountvol.exe" HKU\S-1-5-18\...\RunOnce: [MRINFO] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\MRINFO.EXE" HKU\S-1-5-18\...\RunOnce: [SndVol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\SndVol.exe" HKU\S-1-5-18\...\RunOnce: [mshta] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\mshta.exe" HKU\S-1-5-18\...\RunOnce: [TapiUnattend] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\TapiUnattend.exe" HKU\S-1-5-18\...\RunOnce: [esentutl] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\esentutl.exe" HKU\S-1-5-18\...\RunOnce: [WSManHTTPConfig] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\WSManHTTPConfig.exe" HKU\S-1-5-18\...\RunOnce: [dccw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dccw.exe" HKU\S-1-5-18\...\RunOnce: [vmnat] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\vmnat.exe" HKU\S-1-5-18\...\RunOnce: [sc] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\sc.exe" HKU\S-1-5-18\...\RunOnce: [icardagt] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icardagt.exe" HKU\S-1-5-18\...\RunOnce: [chkdsk] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\chkdsk.exe" HKU\S-1-5-18\...\RunOnce: [icacls] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\icacls.exe" HKU\S-1-5-18\...\RunOnce: [SearchIndexer] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\SearchIndexer.exe" HKU\S-1-5-18\...\RunOnce: [whoami] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\whoami.exe" HKU\S-1-5-18\...\RunOnce: [dfrgui] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dfrgui.exe" HKU\S-1-5-18\...\RunOnce: [MuiUnattend] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\MuiUnattend.exe" HKU\S-1-5-18\...\RunOnce: [cipher] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cipher.exe" HKU\S-1-5-18\...\RunOnce: [rasautou] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\rasautou.exe" HKU\S-1-5-18\...\RunOnce: [lodctr] => 
"C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\lodctr.exe" HKU\S-1-5-18\...\RunOnce: [xpsrchvw] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\xpsrchvw.exe" HKU\S-1-5-18\...\RunOnce: [auditpol] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\auditpol.exe" HKU\S-1-5-18\...\RunOnce: [FlashPlayerApp] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\FlashPlayerApp.exe" HKU\S-1-5-18\...\RunOnce: [charmap] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\charmap.exe" HKU\S-1-5-18\...\RunOnce: [RunLegacyCPLElevated] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\RunLegacyCPLElevated.exe" HKU\S-1-5-18\...\RunOnce: [poqexec] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\poqexec.exe" HKU\S-1-5-18\...\RunOnce: [dialer] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\dialer.exe" HKU\S-1-5-18\...\RunOnce: [ctfmon] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\ctfmon.exe" HKU\S-1-5-18\...\RunOnce: [cacls] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\cacls.exe" HKU\S-1-5-18\...\RunOnce: [isoburn] => "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\isoburn.exe" HKU\S-1-5-18\...\Policies\Explorer: [Run] "C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\isoburn.exe" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\config\systemprofile\AppData\Roaming\{FBFAFF78-223B-D7FF-6D0C-F7C584759878}\isoburn.exe AppInit_DLLs: C:\windows\system32\nvinitx.dll => 
C:\windows\system32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll [2009-04-13] (Egis Inc.) ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-12-27] () ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2009-04-13] (Egis Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-27] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2013-02-04] ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3D693390-84DF-4CEB-ABA7-D71EBB40E34B}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com.sg HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://xin.msn.com/ HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://xin.msn.com/ HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com.sg/ URLSearchHook: HKU\S-1-5-21-1359419172-3491595909-2348629299-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File URLSearchHook: HKU\S-1-5-21-1359419172-3491595909-2348629299-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-1359419172-3491595909-2348629299-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1359419172-3491595909-2348629299-1000 -> {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} URL = hxxp://www.soso.com/q?sc=web&cid=tb.ub&w={searchTerms}&gid=m3nmSH7aBaJN3WRsM5VnlR0l108501k4&lr=&ie={inputEncoding}&unc=x400443_1
SearchScopes: HKU\S-1-5-21-1359419172-3491595909-2348629299-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1359419172-3491595909-2348629299-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2009-04-13] (Egis)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09] (RealDownloader)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2009-04-13] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2009-04-13] (Egis Incorporated.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-1359419172-3491595909-2348629299-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-1359419172-3491595909-2348629299-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll [2007-05-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll [2007-05-17] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Yu Zheng\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Yu Zheng\AppData\Roaming\IDM\idmmzcc5 [2017-02-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-08-09] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1359419172-3491595909-2348629299-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Yu Zheng\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp:\/\/www.google.com\/ig\/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp:\/\/www.google.com.sg\/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-09-24]
CHR Extension: (Downloader) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-27]
CHR Extension: (Skype) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Yu Zheng\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-15] (Broadcom Corporation.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2009-04-13] (Egis Incorporated)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4902536 2017-02-24] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
S3 MYSQL01; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14252 2014-07-28] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98672 2007-05-17] (Microsoft Corporation)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-01-18] (VMware, Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
S2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hmpalert; C:\windows\system32\drivers\hmpalert.sys [274816 2017-02-24] (SurfRight B.V.)
R3 hmpnet; C:\windows\system32\drivers\hmpnet.sys [92712 2017-02-24] (SurfRight B.V.)
R2 IntelHaxm; C:\windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 PSDFilter; C:\windows\System32\DRIVERS\psdfilter.sys [22064 2009-04-13] (Egis Incorporated)
R2 PSDNServ; C:\windows\System32\drivers\PSDNServ.sys [21040 2009-04-13] (Egis Incorporated)
R2 psdvdisk; C:\windows\System32\drivers\psdvdisk.sys [60976 2009-04-13] (Egis Incorporated)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-09-27] (Realtek Semiconductor Corp.)
S3 taphss6; C:\windows\System32\DRIVERS\taphss6.sys [42184 2014-03-20] (Anchorfree Inc.)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-02-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-02-24] (Zemana Ltd.)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-25 03:53 - 2017-02-25 03:53 - 00000000 ____D C:\FRST
2017-02-25 01:19 - 2017-02-25 01:19 - 00000000 ____D C:\Users\Anderson\AppData\Local\Zemana
2017-02-24 16:49 - 2017-02-24 17:43 - 00054736 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2017-02-24 16:09 - 2017-02-24 16:09 - 00909448 _____ (SurfRight B.V.) C:\windows\system32\hmpalert.dll
2017-02-24 16:09 - 2017-02-24 16:09 - 00840328 _____ (SurfRight B.V.) C:\windows\SysWOW64\hmpalert.dll
2017-02-24 16:09 - 2017-02-24 16:09 - 00274816 _____ (SurfRight B.V.) C:\windows\system32\Drivers\hmpalert.sys
2017-02-24 16:09 - 2017-02-24 16:09 - 00092712 _____ (SurfRight B.V.) C:\windows\system32\Drivers\hmpnet.sys
2017-02-24 16:09 - 2017-02-24 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-02-24 16:09 - 2017-02-24 16:09 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-02-24 15:28 - 2017-02-24 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-24 15:28 - 2017-02-24 15:28 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-24 15:04 - 2017-02-24 15:04 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Recover
2017-02-24 13:51 - 2017-02-24 13:51 - 00000000 ____D C:\Users\Yu Zheng\AppData\Roaming\www.shadowexplorer.com
2017-02-24 13:51 - 2017-02-24 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2017-02-24 13:51 - 2017-02-24 13:51 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2017-02-24 13:10 - 2017-02-24 13:48 - 00001090 _____ C:\Users\Public\Desktop\System Explorer.lnk
2017-02-24 13:10 - 2017-02-24 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2017-02-24 13:10 - 2017-02-24 13:48 - 00000000 ____D C:\Program Files (x86)\System Explorer
2017-02-24 13:10 - 2017-02-24 13:12 - 00000000 ____D C:\ProgramData\SystemExplorer
2017-02-24 12:54 - 2017-02-25 03:53 - 00128223 _____ C:\windows\ZAM.krnl.trace
2017-02-24 12:54 - 2017-02-25 03:53 - 00090324 _____ C:\windows\ZAM_Guard.krnl.trace
2017-02-24 12:54 - 2017-02-24 12:54 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-02-24 12:54 - 2017-02-24 12:54 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2017-02-24 12:54 - 2017-02-24 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-24 12:54 - 2017-02-24 12:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-24 12:51 - 2017-02-24 12:51 - 00000000 ____D C:\Users\Yu Zheng\AppData\Local\Zemana
2017-02-24 11:03 - 2017-02-24 22:56 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-02-24 10:54 - 2017-02-24 10:54 - 02093773 _____ C:\windows\SchoolCommentsBuilder.zip
2017-02-24 09:00 - 2017-02-24 09:00 - 00075862 _____ C:\Users\Anderson\Desktop\_HELP_HELP_HELP_RLWB_.hta
2017-02-24 08:47 - 2017-02-24 08:47 - 00075862 _____ C:\Users\Yu Zheng\Documents\_HELP_HELP_HELP_VL61N_.hta
2017-02-24 08:23 - 2017-02-24 08:23 - 00075862 _____ C:\_HELP_HELP_HELP_CL92F3AN_.hta
2017-02-20 00:37 - 2017-02-24 22:58 - 00003372 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1359419172-3491595909-2348629299-1001
2017-02-20 00:37 - 2017-02-24 22:58 - 00003244 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1359419172-3491595909-2348629299-1001
2017-02-19 02:57 - 2017-02-24 08:56 - 00016619 _____ C:\Users\Yu Zheng\Desktop\JN9C9AgSYj.905f
2017-02-19 02:55 - 2017-02-24 08:56 - 00012952 _____ C:\Users\Yu Zheng\Desktop\aQIF4XM51S.905f
2017-02-16 20:55 - 2017-02-24 15:18 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Damn Stuff
2017-02-10 02:28 - 2017-02-10 02:28 - 00008192 _____ C:\Users\Yu Zheng\AppData\Roaming\records_db
2017-02-07 02:27 - 2017-02-12 20:35 - 00000084 _____ C:\Users\Yu Zheng\Desktop\a.txt
2017-02-02 19:40 - 2017-02-24 09:01 - 00000000 ____D C:\Users\Anderson\Desktop\Xin Yu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 03:33 - 2014-05-25 14:12 - 00000000 ____D C:\Users\Yu Zheng\Documents\Visual Studio 2013
2017-02-25 02:46 - 2013-02-05 06:50 - 00000000 ____D C:\Program Files (x86)\Pandora Recovery
2017-02-25 01:19 - 2014-07-15 15:22 - 00000000 ____D C:\Users\Anderson\Documents\My Received Files
2017-02-25 01:19 - 2011-12-27 20:20 - 00000000 ____D C:\ProgramData\VeriFace
2017-02-25 01:19 - 2011-12-27 20:14 - 00176879 _____ C:\windows\system32\fastboot.set
2017-02-25 00:03 - 2009-07-14 13:13 - 00788428 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-25 00:03 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2017-02-24 23:50 - 2015-09-04 02:32 - 00000000 ____D C:\Users\Yu Zheng\Downloads\Compressed
2017-02-24 23:04 - 2009-07-14 12:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 23:04 - 2009-07-14 12:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 22:57 - 2016-09-02 03:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 22:57 - 2012-04-28 01:22 - 00000000 ____D C:\Users\Yu Zheng\Documents\My Received Files
2017-02-24 22:56 - 2012-04-28 01:26 - 00000000 ____D C:\ProgramData\VMware
2017-02-24 22:56 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-24 16:07 - 2012-04-28 00:48 - 00000000 ____D C:\Users\Yu Zheng
2017-02-24 16:04 - 2015-09-04 02:32 - 00000000 ____D C:\Users\Yu Zheng\AppData\Roaming\DMCache
2017-02-24 15:21 - 2016-10-26 20:59 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Visual Studio 2013 Projects
2017-02-24 15:20 - 2014-11-01 20:54 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Use And Delete
2017-02-24 15:20 - 2014-06-29 02:21 - 00000000 ____D C:\Users\Yu Zheng\Desktop\ShuiHu
2017-02-24 15:20 - 2013-04-20 19:44 - 00000000 ____D C:\Users\Yu Zheng\Desktop\short program
2017-02-24 15:20 - 2012-09-26 21:12 - 00000000 ____D C:\Users\Yu Zheng\Desktop\SSP12 3A - Lift Prototype
2017-02-24 15:19 - 2017-01-06 14:20 - 00000000 ____D C:\Users\Yu Zheng\Desktop\RESUME
2017-02-24 15:19 - 2015-10-04 01:09 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Mario
2017-02-24 15:19 - 2015-02-16 05:00 - 00000000 ____D C:\Users\Yu Zheng\Desktop\newone
2017-02-24 15:19 - 2014-05-14 21:45 - 00000000 ____D C:\Users\Yu Zheng\Desktop\NYP Module
2017-02-24 15:19 - 2014-02-01 09:45 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Java Teaching Material
2017-02-24 15:19 - 2012-10-09 01:13 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Java Testing
2017-02-24 15:19 - 2012-09-23 05:54 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Prototype images
2017-02-24 15:19 - 2012-05-19 04:54 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Sample
2017-02-24 15:18 - 2016-10-26 05:23 - 00000000 ____D C:\Users\Yu Zheng\Desktop\CHECKED CLEAR
2017-02-24 15:18 - 2015-07-14 21:37 - 00000000 ____D C:\Users\Yu Zheng\Desktop\JAVA homework
2017-02-24 15:18 - 2014-09-06 10:06 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Interface vs abstract class
2017-02-24 15:18 - 2012-08-30 04:04 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Image
2017-02-24 15:18 - 2012-08-21 22:16 - 00000000 ____D C:\Users\Yu Zheng\Desktop\FYPTemplate
2017-02-24 15:17 - 2016-08-12 00:58 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Authy Tester
2017-02-24 15:17 - 2014-10-11 01:45 - 00000000 ____D C:\Users\Yu Zheng\Desktop\C Programming
2017-02-24 15:17 - 2014-03-18 04:49 - 00000000 ____D C:\Users\Yu Zheng\Desktop\C++ Testing
2017-02-24 15:17 - 2013-05-25 16:56 - 00000000 ____D C:\Users\Yu Zheng\Desktop\algo_A3
2017-02-24 15:17 - 2013-05-24 22:33 - 00000000 ____D C:\Users\Yu Zheng\Desktop\Algo_Assignment3
2017-02-24 15:17 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Yu Zheng\Desktop\A1_backup
2017-02-24 15:17 - 2013-01-21 14:27 - 00000000 ____D C:\Users\Yu Zheng\Desktop\222_A1
2017-02-24 13:47 - 2013-01-02 15:52 - 00007655 _____ C:\Users\Yu Zheng\AppData\Local\Resmon.ResmonCfg
2017-02-24 12:45 - 2015-09-04 03:22 - 00000000 ____D C:\Users\Yu Zheng\Downloads\Video
2017-02-24 12:23 - 2012-05-29 21:12 - 00250644 _____ C:\windows\ntbtlog.txt
2017-02-24 11:27 - 2013-02-07 05:38 - 00000000 ____D C:\windows\pss
2017-02-24 11:22 - 2016-06-14 04:04 - 00000000 ____D C:\AdwCleaner
2017-02-24 09:01 - 2015-11-09 20:30 - 00000000 ____D C:\Users\Anderson\Desktop\IDS
2017-02-24 09:01 - 2015-09-24 14:20 - 02000786 _____ C:\Users\Anderson\Desktop\zdM51nB5XE.905f
2017-02-24 09:01 - 2015-08-31 21:16 - 00218270 _____ C:\Users\Anderson\Desktop\FiuaSUNzzM.905f
2017-02-24 09:01 - 2015-02-12 19:01 - 00028313 _____ C:\Users\Anderson\Desktop\KUeMEIAHDc.905f Build-To-Order System_files
2017-02-24 09:01 - 2015-01-31 10:56 - 00079982 _____ C:\Users\Anderson\Desktop\9M-upy-Tdx.905f
2017-02-24 09:01 - 2015-01-22 16:28 - 01925846 _____ C:\Users\Anderson\Desktop\lWxnxGb7JQ.905f
2017-02-24 09:01 - 2015-01-17 11:46 - 00004844 _____ C:\Users\Anderson\Desktop\WIQijg1Itr.905f
2017-02-24 09:01 - 2014-12-07 12:19 - 00005625 _____ C:\Users\Anderson\Desktop\yZykhMH6nf.905f
2017-02-24 09:00 - 2015-01-13 07:15 - 00003788 _____ C:\Users\Anderson\Desktop\3b4kV9QWu3.905f
2017-02-24 08:59 - 2016-10-31 00:08 - 00915459 _____ C:\Users\Yu Zheng\Desktop\95sge7AFMQ.905f
2017-02-24 08:59 - 2015-01-08 21:16 - 00094052 _____ C:\Users\Yu Zheng\Desktop\FJEPdgRc6P.905f
2017-02-24 08:59 - 2014-08-06 23:10 - 03063997 _____ C:\Users\Yu Zheng\Desktop\D9wIkyAICQ.905f
2017-02-24 08:59 - 2013-05-30 23:06 - 00162826 _____ C:\Users\Yu Zheng\Desktop\ARNXqnzh2T.905f
2017-02-24 08:59 - 2013-05-25 16:55 - 00092876 _____ C:\Users\Yu Zheng\Desktop\aFKoAtxzj0.905f
2017-02-24 08:59 - 2012-09-28 20:19 - 00339931 _____ C:\Users\Yu Zheng\Desktop\QuW7CgnHK0.905f
2017-02-24 08:58 - 2017-01-24 23:29 - 00014227 _____ C:\Users\Yu Zheng\Desktop\SIkL3WWFKj.905f
2017-02-24 08:58 - 2016-12-10 11:16 - 00010006 _____ C:\Users\Yu Zheng\Desktop\anHlQdBlsb.905f
2017-02-24 08:58 - 2016-08-12 17:10 - 00003604 _____ C:\Users\Yu Zheng\Desktop\yXCBGrjXK4.905f
2017-02-24 08:58 - 2015-02-02 22:53 - 06675837 _____ C:\Users\Yu Zheng\Desktop\KrdZQ-MPp6.905f
2017-02-24 08:58 - 2015-01-09 05:45 - 06009456 _____ C:\Users\Yu Zheng\Desktop\3JioC7VLCy.905f
2017-02-24 08:58 - 2014-05-31 22:02 - 00017848 _____ C:\Users\Yu Zheng\Desktop\bFqG4sYrh2.905f
2017-02-24 08:58 - 2013-10-24 15:47 - 00115375 _____ C:\Users\Yu Zheng\Desktop\hjPLUn6YcB.905f
2017-02-24 08:58 - 2013-10-21 22:33 - 00239139 _____ C:\Users\Yu Zheng\Desktop\HNOheOjV-N.905f
2017-02-24 08:58 - 2013-01-08 00:43 - 00210041 _____ C:\Users\Yu Zheng\Desktop\VF8k9r5hEz.905f
2017-02-24 08:58 - 2012-11-27 22:02 - 00124168 _____ C:\Users\Yu Zheng\Desktop\-k80uZ1KIp.905f
2017-02-24 08:56 - 2016-11-18 22:49 - 00127427 _____ C:\Users\Yu Zheng\Desktop\v0XiKVCFQg.905f
2017-02-24 08:56 - 2016-11-18 07:04 - 00125409 _____ C:\Users\Yu Zheng\Desktop\9g2IADM2q9.905f
2017-02-24 08:56 - 2016-08-30 20:48 - 00190974 _____ C:\Users\Yu Zheng\Desktop\PlvlQH4K4a.905f
2017-02-24 08:56 - 2016-03-18 00:58 - 00037318 _____ C:\Users\Yu Zheng\Desktop\jOM8IVrCd1.905f
2017-02-24 08:56 - 2013-09-04 00:26 - 00009300 _____ C:\Users\Yu Zheng\Desktop\iWyGczXriI.905f
2017-02-24 08:56 - 2012-11-26 11:29 - 00047544 _____ C:\Users\Yu Zheng\Desktop\bpdluaDWD1.905f
2017-02-24 08:56 - 2012-11-22 17:44 - 00025571 _____ C:\Users\Yu Zheng\Desktop\OL6rpTA7Gv.905f
2017-02-24 08:50 - 2015-06-01 18:47 - 00004837 _____ C:\Users\Yu Zheng\Desktop\F22WRjWJ3m.905f
2017-02-24 08:49 - 2012-09-15 02:49 - 00000000 ____D C:\Users\Yu Zheng\Documents\NetBeansProjects
2017-02-24 08:48 - 2012-09-21 06:49 - 00000000 ____D C:\Users\Yu Zheng\Documents\My Digital Editions
2017-02-24 08:47 - 2014-11-20 08:50 - 00000000 ____D C:\xampp
2017-02-24 08:47 - 2013-08-04 00:23 - 00000000 ____D C:\Users\Yu Zheng\Documents\Flash Tutorial
2017-02-24 08:47 - 2012-10-07 14:11 - 00295340 _____ C:\Users\Yu Zheng\Documents\VyYOjiT4-w.905f
2017-02-24 08:47 - 2012-09-23 05:41 - 00003494 _____ C:\Users\Yu Zheng\Documents\Tj0eXNsEkm.905f
2017-02-24 08:42 - 2016-09-10 05:19 - 00232624 _____ C:\NzXGRFrbws.905f
2017-02-24 08:42 - 2016-07-06 19:31 - 00232618 _____ C:\28ZqDxdl2u.905f
2017-02-24 08:42 - 2016-06-14 01:35 - 00463108 _____ C:\TKJ9Yc7-WK.905f
2017-02-24 08:42 - 2007-11-07 08:00 - 00006108 _____ C:\bfQD0V6zOP.905f
2017-02-24 08:41 - 2012-04-28 14:57 - 00000000 ____D C:\Games
2017-02-24 08:35 - 2012-12-01 13:47 - 00000000 ____D C:\FYP_ALL
2017-02-24 08:33 - 2013-09-14 02:30 - 00000000 ____D C:\Game962
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\WYGMXVq7I8.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\rrVheblD8s.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\PnCMZTxsHX.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\k9es158K3R.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\f3XffXrPFs.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\d22iItjlZW.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00018158 _____ C:\9CUllR5pxp.905f
2017-02-24 08:33 - 2007-11-07 08:00 - 00010558 _____ C:\4MsfWdMggG.905f
2017-02-24 08:28 - 2015-02-05 13:31 - 00000000 ____D C:\EngineSDK
2017-02-24 08:27 - 2015-05-20 05:33 - 00000000 ____D C:\Eclipse
2017-02-24 08:27 - 2013-02-07 03:21 - 00000000 ____D C:\EGIS_Drive
2017-02-24 08:27 - 2013-02-04 18:35 - 00000000 ____D C:\eDataSecurity
2017-02-24 08:23 - 2016-10-24 21:26 - 00003772 _____ C:\fQgBKh2WUv.905f
2017-02-24 08:23 - 2014-06-14 22:43 - 00000000 ____D C:\Android Development
2017-02-24 08:23 - 2014-03-25 03:41 - 00000000 ____D C:\Dev-Cpp
2017-02-24 08:17 - 2014-02-06 14:27 - 00000000 ____D C:\Adobe ActionScript 3.0 Lesson Files
2017-02-24 08:17 - 2013-05-02 20:49 - 00000000 ____D C:\Adobe CS5.5 Master Collection
2017-02-24 08:16 - 2013-05-02 20:38 - 00000000 ____D C:\3d max
2017-02-24 08:16 - 2013-02-04 18:47 - 00000000 ____D C:\Acer
2017-02-24 07:55 - 2012-09-21 09:03 - 00000000 ____D C:\Users\Yu Zheng\AppData\Local\CrashDumps
2017-02-21 07:12 - 2009-07-14 13:08 - 00032558 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-02-20 16:39 - 2014-05-29 16:08 - 00000000 ____D C:\Users\Anderson\Documents\Visual Studio 2013
2017-02-14 22:20 - 2012-04-28 15:14 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.72
2017-02-07 10:09 - 2016-10-25 20:18 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 10:09 - 2016-10-25 20:18 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-27 12:48 - 2012-08-06 00:08 - 00000000 ____D C:\Users\Yu Zheng\MUSICS

==================== Files in the root of some directories =======

2013-06-14 01:15 - 2016-09-02 03:30 - 0000289 _____ () C:\Users\Yu Zheng\AppData\Roaming\burnaware.ini
2007-08-01 07:00 - 2007-08-01 07:00 - 0001695 _____ () C:\Users\Yu Zheng\AppData\Roaming\CrenelDivvy.z
2003-10-13 07:00 - 2003-10-13 07:00 - 0150278 _____ () C:\Users\Yu Zheng\AppData\Roaming\Discotheque.C
2015-07-12 04:33 - 2016-12-20 18:14 - 0000149 _____ () C:\Users\Yu Zheng\AppData\Roaming\licecap.ini
2014-06-29 02:34 - 2014-06-29 03:11 - 0000046 _____ () C:\Users\Yu Zheng\AppData\Roaming\mbam.context.scan
2012-05-28 17:22 - 2014-03-12 00:03 - 0000565 _____ () C:\Users\Yu Zheng\AppData\Roaming\myMPQ.ini
2017-02-10 02:28 - 2017-02-10 02:28 - 0008192 _____ () C:\Users\Yu Zheng\AppData\Roaming\records_db
2013-02-04 18:37 - 2013-02-04 18:37 - 0000625 _____ () C:\Users\Yu Zheng\AppData\Local\edsinstaller.txt-20130204.log
2013-02-07 03:11 - 2013-02-07 03:14 - 0146651 _____ () C:\Users\Yu Zheng\AppData\Local\edsinstaller.txt-20130207.log
2013-07-01 05:43 - 2013-07-01 05:57 - 0279060 _____ () C:\Users\Yu Zheng\AppData\Local\edsinstaller.txt-20130701.log
2013-01-02 15:52 - 2017-02-24 13:47 - 0007655 _____ () C:\Users\Yu Zheng\AppData\Local\Resmon.ResmonCfg
2013-11-07 02:49 - 2013-12-15 16:58 - 0000058 _____ () C:\ProgramData\Update.ini

Some files in TEMP:
====================
2016-05-11 20:26 - 2016-06-05 21:11 - 41763456 _____ (Skype Technologies S.A.) C:\Users\Anderson\AppData\Local\Temp\SkypeSetup.exe
2016-03-08 03:42 - 2016-03-08 03:43 - 11441744 _____ (SurfRight B.V.) C:\Users\Yu Zheng\AppData\Local\Temp\HitmanPro.exe
2017-02-24 11:04 - 2017-02-24 14:24 - 11581544 _____ (SurfRight B.V.) C:\Users\Yu Zheng\AppData\Local\Temp\HitmanPro_x64.exe
2016-01-10 03:17 - 2016-12-18 22:08 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yu Zheng\AppData\Local\Temp\SkypeSetup.exe
2006-05-25 01:10 - 2006-05-25 01:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Yu Zheng\AppData\Local\Temp\_isF317.exe
2007-02-28 05:08 - 2007-02-28 05:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Yu Zheng\AppData\Local\Temp\_isF50B.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.
LastRegBack: 2015-12-21 01:45 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01 Ran by Yu Zheng (25-02-2017 03:55:03) Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) (2012-04-27 16:48:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1359419172-3491595909-2348629299-500 - Administrator - Disabled) Anderson (S-1-5-21-1359419172-3491595909-2348629299-1007 - Administrator - Enabled) => C:\Users\Anderson Guest (S-1-5-21-1359419172-3491595909-2348629299-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1359419172-3491595909-2348629299-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-1359419172-3491595909-2348629299-1000 - Limited - Enabled) => C:\Users\UpdatusUser Yu Zheng (S-1-5-21-1359419172-3491595909-2348629299-1001 - Administrator - Enabled) => C:\Users\Yu Zheng ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4367 - Egis Inc.) Acer Empowering Technology (HKLM-x32\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3005 - Acer Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) 
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1) Age of Empires III Trial (HKLM-x32\...\InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.) 
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach) AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Baldur's Gate(TM) II - Shadows of Amn(TM) (HKLM-x32\...\{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - ) Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BitTorrent (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.) BitTorrent (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden BurnAware Free 6.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - ) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) Citadels (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Citadels) (Version: - BroomStixInk) Citadels (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Citadels) (Version: - BroomStixInk) Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - ) 
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - ) Diablo (HKLM-x32\...\Diablo) (Version: - ) Diablo II (HKLM-x32\...\Diablo II) (Version: - ) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo) Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) 三国杀 (HKLM-x32\...\三国杀) (Version: 1.1.4.0 - 杭州边锋网络科技有限公司) 三国志11威力加强版NETSHOW完整版 (HKLM-x32\...\三国志11威力加强版NETSHOW完整版_is1) (Version: - NETSHOW) FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) GameMaker 8.1 (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\GameMaker81) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - ) Gothic (HKLM-x32\...\Gothic_is1) (Version: - GOG.com) Gothic 2 Gold (HKLM-x32\...\Gothic 2 Gold_is1) (Version: - GOG.com) Heroes of Might and Magic 2 GOLD (HKLM-x32\...\Heroes of Might and Magic 2 GOLD_is1) (Version: - GOG.com) Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version: - GOG.com) Heroes of Might and Magic III Complete (HKLM-x32\...\Heroes of Might and Magic III Complete) (Version: - ) Heroes of Might and Magic V Collector Edition (HKLM-x32\...\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}) (Version: - ) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.) HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.3.586 - SurfRight B.V.) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{7824FFE2-E5BE-4530-91AA-C1F442FD4A83}) (Version: 1.0.6 - Intel Corporation) Internet Download Manager 
(HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle) Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation) Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden JCreator LE 4.50 (HKLM-x32\...\JCreator LE_is1) (Version: - Xinox Software) JCreator Pro 5.00 (HKLM-x32\...\JCreator Pro_is1) (Version: - Xinox Software) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LBOTS Top mouse Driver (HKLM-x32\...\{D4A3F178-321C-432F-A40F-CEA1C9CB357C}) (Version: 1.0 - Togran) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0083 - Realtek Semiconductor Corp.) 
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo) Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2 version 2.0a) (Version: - ) LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.) 
MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - ) Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft 
Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) 
(HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 
2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates) MySQL Connector J (HKLM-x32\...\{E8528562-D612-4331-8A5B-57532D89716B}) (Version: 5.1.31 - Oracle Corporation) MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle) MySQL Connector Python v1.2.2 for Python v3.3 (HKLM-x32\...\{345018CB-60E7-4CC9-8DBA-6E908B8882E8}) (Version: 1.2.2 - Oracle) MySQL Connector/C 6.1 (HKLM\...\{4E2AAB30-1E42-4ACA-B1A9-3AE8629D0C89}) (Version: 6.1.5 - Oracle Corporation) MySQL Connector/ODBC 5.3 (HKLM\...\{43E572BC-B21F-4BEC-94CA-2D4AA6F53246}) (Version: 5.3.2 - Oracle Corporation) MySQL Documents 5.6 (HKLM-x32\...\{790BC099-47CC-4215-9BF3-B20AC3D348B2}) (Version: 5.6.19 - Oracle Corporation) MySQL Examples and Samples 5.6 (HKLM-x32\...\{8934A43E-D901-4337-8313-0C084FBB8ADE}) (Version: 5.6.19 - Oracle Corporation) MySQL For Excel 1.2.1 (HKLM-x32\...\{EC5F887C-FCEE-45D7-BF7B-C0EA767CC45B}) (Version: 1.2.1 - Oracle) MySQL for Visual Studio 1.1.4 (HKLM-x32\...\{3B89BFD4-8AD2-4177-A742-EB5310C0C7F3}) (Version: 1.1.4 - Oracle) MySQL Installer (HKLM-x32\...\{7FDEB19B-06E3-4FA3-9FE7-D792939DCD55}) (Version: 1.3.6.0 - Oracle Corporation) MySQL Notifier 1.1.5 
(HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle) MySQL Server 5.6 (HKLM\...\{FB2E13E5-05CE-4C27-B645-A6FB7D0AB412}) (Version: 5.6.19 - Oracle Corporation) MySQL Utilities (HKLM-x32\...\{AD74E509-A826-4C30-93C3-73E2DFE271F2}) (Version: 1.4.3 - Oracle Corporation) MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation) NetBeans IDE 7.2 (HKLM\...\nbi-nb-base-7.2.0.0.201207171143) (Version: 7.2 - NetBeans.org) NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA 3D Vision Driver 267.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.53 - NVIDIA Corporation) NVIDIA Graphics Driver 267.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.53 - NVIDIA Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo) Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - ) PARI (remove only) (HKLM-x32\...\PARI) (Version: - ) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - ) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.2 - Frank Heindörfer, Philip Chinery) Photo Pos Pro (HKLM-x32\...\Photo Pos Pro) (Version: 1.88 - PowerOfSoftware Ltd.) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) 
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Python 3.3.3 (64-bit) (HKLM\...\{e9d90870-ab19-32a8-aa93-f8348ba21d05}) (Version: 3.3.3150 - Python Software Foundation) Python 3.5.1 (32-bit) (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation) Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qemu 0.7.2 (remove only) (HKLM-x32\...\Qemu) (Version: - ) Quincy 2005 v. 
1.3 (HKLM-x32\...\{8F1850CA-B67C-4888-A828-06AC1441C985}_is1) (Version: - Codecutter) Raptor - Call of the Shadows (HKLM-x32\...\Raptor - Call of the Shadows_is1) (Version: - GOG.com) RealDownloader (HKLM-x32\...\{A88E1685-1986-4A86-8E88-5FE1E727D026}) (Version: 1.2.0 - RealNetworks, Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6301 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.) Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Activision) Rome - Total War(TM) (x32 Version: 1.0 - Activision) Hidden ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden Sid Meier's Civilization 4 - Beyond the Sword (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.17 - Firaxis Games) Sid Meier's Civilization 4 - Warlords (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 1.00.0000 - Firaxis Games) Sid Meier's Civilization 4 - Warlords (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games) Sid Meier's Civilization 4 (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.00.0000 - Firaxis Games) Sid Meier's Civilization 4 (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games) Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden Sid Meier's Pirates! 
(HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games) Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - ) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Skyscraper 2.0 Alpha 7 (HKLM-x32\...\Skyscraper) (Version: 2.0 Alpha 7 - Ryan Thoryk) Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation) SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0000 - SRS Labs, Inc.) Starcraft (HKLM-x32\...\Starcraft) (Version: - ) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.0.0.16117 - Blizzard Entertainment) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.0 - Synaptics Incorporated) System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd) Unity Web Player (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo) VirtualCloneDrive 
(HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.2.28060 - VMware, Inc) VMware Player (x32 Version: 4.0.2.28060 - VMware, Inc.) Hidden Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version: - ) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKU\S-1-5-21-1359419172-3491595909-2348629299-1000\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\...\Warcraft III) (Version: - ) WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (HKLM-x32\...\{33F8EAD4-B6EC-498B-B487-696B973D1C0C}) (Version: 8.5.1235.0517 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{49672EC2-171B-47B4-8CE7-50D7806360D7}) (Version: 4.100.313.1 - Microsoft Corporation) WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.) 
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {061F0FA4-D62B-44E4-8441-773653549120} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {16F62F4A-E3A7-4EB1-98E1-254E5B8F2293} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: {2279A256-0F7E-4964-9298-E7C5C09048C0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {2625E688-1E3A-4151-86D3-E3E54549F06A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3009AF14-0182-4478-945F-85E9AA16B038} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2016-01-22] (Google Inc.) <==== ATTENTION
Task: {32FB1136-CAA3-4F0A-8005-554131A750F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {64C7979A-5677-418A-B543-9F4DD7549588} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {6CD14696-8535-42D0-974D-1536D7A00FD2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1359419172-3491595909-2348629299-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.)
Task: {76999E7D-650B-47C5-A803-462E033DC6F8} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {780739B0-1898-4497-A76F-8C4C44AC6725} - System32\Tasks\{D4699E34-BCB4-48AB-A90E-DFB83F4644D6} => pcalua.exe -a D:\CYZ\Download\HijackThis.exe -d D:\CYZ\Download
Task: {7AB34FAD-57EE-4637-BCBE-B4E54C9394E3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {80794040-F5DF-4AD0-BF42-2FEB231848A5} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {86A97C22-955C-4417-A4C6-800FD0C6D6B7} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {8C715FA0-C36A-4545-9877-121863035BD6} - System32\Tasks\{91B8B184-2936-4DD2-A034-A42E0F5BEEC1} => pcalua.exe -a "C:\Users\Yu Zheng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XXUN38F\JavaSetup8u45.exe" -d "C:\Users\Yu Zheng\Desktop"
Task: {9728A154-F652-455C-BB4F-BE8F20683618} - System32\Tasks\GoogleUpdateTaskMachineUA1d15c13b819c33a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => %windir%\system32\srtasks.exe
Task: {9D53F332-5B40-45EE-AE38-205E7E4A1325} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {A349DFAE-5664-4BE5-997B-6462AA444CBA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1359419172-3491595909-2348629299-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09] (RealNetworks, Inc.)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe
Task: {A825F8D7-5378-4292-B491-4BF4BDAF15E3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1359419172-3491595909-2348629299-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.)
Task: {ABFC1D8E-7FEA-4BB3-B2A4-F9667AABE67D} - System32\Tasks\{77896C98-A6A7-4C08-B5CA-2A930F8E447D} => pcalua.exe -a "C:\Users\Yu Zheng\Downloads\Age of Empires\Age of empires\setup.exe" -d "C:\Users\Yu Zheng\Downloads\Age of Empires\Age of empires"
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C789A7BD-CCEF-4D8B-B0C3-5A0B46828356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D9A94517-9828-4988-9CD4-2E35D08510E4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {ECE84F5B-62B7-451F-8EE6-6A5D75D339CE} - System32\Tasks\{FEDBD757-808D-4119-8142-1D2D455C93F7} => pcalua.exe -a "C:\Users\Yu Zheng\Downloads\www.sanguogame.com.cn__san5dos.exe" -d "C:\Users\Yu Zheng\Downloads"
Task: {F14C8BFF-A327-47EE-99BC-03101DE8C562} - System32\Tasks\GoogleUpdateTaskMachineCore1d15c13b7cb35d1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF09A2C6-F287-4FEE-A4D4-65C0068A6293} - System32\Tasks\AdobeAAMUpdater-1.0-YuZheng-PC-Anderson => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe /EnableDH SYSTEM H This task performs the status check and self-repair for Microsoft Device Health Assistant. For more information see hxxp:/support.microsoft.com
Task: C:\windows\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe SYSTEM Z This service belongs to Microsoft Device Health Assistant and fetches the latest version to improve device health and protect payment security. For more information see hxxp:/support.microsoft.com
Task: C:\windows\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe SYSTEM C This task performs the device check for Microsoft Device Health Assistant. For more information see hxxp:/support.microsoft.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Yu Zheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\水浒传之梁山好汉\游戏无法运行.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.paopaoche.net/?err"
ShortcutWithArgument: C:\Users\Yu Zheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\水浒传2天导108星\游戏无法运行.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> " hxxp://www.962.net/app/downhelp.html"

==================== Loaded Modules (Whitelisted) ==============

2012-04-30 21:12 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2012-08-09 13:02 - 2012-08-09 13:02 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-02-17 01:56 - 2011-02-17 01:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-17 02:01 - 2011-02-17 02:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-27 20:20 - 2011-12-27 20:20 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-12-27 20:20 - 2011-12-27 20:20 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2012-04-29 21:59 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-02-24 12:54 - 2017-02-24 12:54 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2010-12-15 02:05 - 2010-12-15 02:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
2011-11-03 13:32 - 2011-09-26 00:36 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Acer\Empowering Technology\eDataSecurity\x64\libeay32.dll
2009-04-13 14:48 - 2009-04-13 14:48 - 00382000 _____ () C:\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2011-12-27 20:18 - 2011-12-27 20:18 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2008-12-20 11:20 - 2011-12-27 20:31 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\KbdHook.dll
2008-12-20 11:20 - 2011-12-27 20:31 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2016-01-22 03:47 - 2016-01-22 03:47 - 00846360 _____ () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
2012-01-18 16:11 - 2012-01-18 16:11 - 01229424 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2011-02-17 01:51 - 2011-02-17 01:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-17 01:53 - 2011-02-17 01:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:54D4173A [196]
AlternateDataStreams: C:\ProgramData\Temp:98F0614F [97]
AlternateDataStreams: C:\Users\Yu Zheng\Desktop\FYPTemplate:Mac_Metadata [42]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.exe: CryptoPreventEXE => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" /"%1" %* <===== ATTENTION
HKLM\...\.com: CryptoPreventEXE => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" /"%1" %* <===== ATTENTION
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2012-12-20 15:25 - 00002198 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 www.adobeereg.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.aobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 www.wip.adobe.com
127.0.0.1 www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com
127.0.0.1 www.wip3.adobe.com
127.0.0.1 www.wip4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com

There are 12 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1359419172-3491595909-2348629299-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Yu Zheng\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BitTorrent => "C:\Users\Yu Zheng\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Power2GoExpress => NA
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VoipRaider => "C:\Program Files (x86)\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5B0536A9-D2E1-465D-980C-E4C595D11C0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6D464A96-FF7B-4837-B11B-A8179B27F4DE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{809A37BA-9D43-48E5-AB1C-FB2348DB2F77}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17802D83-3FAC-4826-A860-7D37C089C157}] => (Allow) svchost.exe
FirewallRules: [{D3BCEBFA-958F-4265-AA6E-7D8544C47F63}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{7563DD9F-E88B-4A57-A3BE-414803FC32A2}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0CEBCDD1-383F-493B-8CE7-C700E786B4B0}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B2DE7C15-4475-4080-842F-26355A9D1007}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{0248906A-0FED-45DD-92BA-ADA243F1F8C7}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{EEA09A55-4033-4E5A-9279-A1C682689267}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe
FirewallRules: [{207C1038-959E-4798-8D95-763031E7725F}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe
FirewallRules: [{23A5D807-89B4-4408-8F30-1D0E90E3F1DE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{EF08E183-B9A5-4441-8354-17E01BEA905F}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{036221F4-662B-47FF-B59B-C4FF2389600E}] => (Allow) LPort=7935
FirewallRules: [{4844D1BB-5326-4783-9D4C-D67C7ADA57B3}] => (Allow) C:\Users\Yu Zheng\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4C5B497C-F90B-4E18-826B-EE0880BB47BF}] => (Allow) C:\Users\Yu Zheng\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{17298735-CE34-42F5-A17F-EB42B9F93958}C:\users\yu zheng\downloads\age of empires\age of empires\empires.exe] => (Block) C:\users\yu zheng\downloads\age of empires\age of empires\empires.exe
FirewallRules: [UDP Query User{CECA81BE-8ACD-4FB3-A3E3-2A0652653E47}C:\users\yu zheng\downloads\age of empires\age of empires\empires.exe] => (Block) C:\users\yu zheng\downloads\age of empires\age of empires\empires.exe
FirewallRules: [TCP Query User{6BFC5AB1-69BF-46FC-9DA1-30E7D87C3286}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{C1922452-2698-4310-B0ED-08F4A7CE9AC6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{3FCFF4BA-D117-461A-B48A-0F8B13959680}C:\users\yu zheng\downloads\age_of_empires_expansion_fixed\empiresx.exe] => (Block) C:\users\yu zheng\downloads\age_of_empires_expansion_fixed\empiresx.exe
FirewallRules: [UDP Query User{7170A9BC-E351-4EED-9475-D544324863FE}C:\users\yu zheng\downloads\age_of_empires_expansion_fixed\empiresx.exe] => (Block) C:\users\yu zheng\downloads\age_of_empires_expansion_fixed\empiresx.exe
FirewallRules: [TCP Query User{FD170F67-5D01-455B-B0D2-FBBFA26386B1}C:\program files (x86)\voipraider.com\voipraider\voipraider.exe] => (Allow) C:\program files (x86)\voipraider.com\voipraider\voipraider.exe
FirewallRules: [UDP Query User{7DC6849C-FD40-4DDB-A0B9-3C31BFEAEE29}C:\program files (x86)\voipraider.com\voipraider\voipraider.exe] => (Allow) C:\program files (x86)\voipraider.com\voipraider\voipraider.exe
FirewallRules: [{2627E1D8-FBA3-427A-A202-9CEE97883785}] => (Block) C:\program files (x86)\voipraider.com\voipraider\voipraider.exe
FirewallRules: [{BEA4661F-605C-4F8A-A629-E1B0EC5B761A}] => (Block) C:\program files (x86)\voipraider.com\voipraider\voipraider.exe
FirewallRules: [{2F597FCA-BB5D-4854-A86F-3ABD5D883CC5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1F094D59-35E8-44A4-B2E4-C62C694A6B1D}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{A7AD4131-42EF-403A-8382-F408E1A5E332}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL (compatible memory).exe
FirewallRules: [TCP Query User{A38590DA-97B7-4436-A97C-D4993358E48D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{5C6EAD09-4F0D-48B8-B98F-C079E3C7AB10}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{D87E9A45-B947-47A9-BEA9-71F24FED4618}] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{5526345B-A6CA-4661-8EA7-BA20751985F3}] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{71AF7E43-0784-4901-86F9-FC985BCA20EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{94BE3D60-0F86-4A0C-9B50-BF72216FB549}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{63DFBCF7-CC07-4A2C-AE54-8C86811F2497}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{C6228DCE-FFFE-4848-BC23-86A5779F5E20}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{3A98180D-76D7-47C3-A059-A4C66FC1C28D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{CCE90AAC-A45D-4824-BBC6-81F2EF269BDB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{55B724E1-D910-4AF6-A5A9-66C7576D09BD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{CD2BD7B0-07CE-402D-90F7-32E7E526B805}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{A9C39E6B-3DA9-4696-B2C5-85A742D0BD26}C:\program files (x86)\littlefighter2\lf2_v2.0a\lf2.exe] => (Block) C:\program files (x86)\littlefighter2\lf2_v2.0a\lf2.exe
FirewallRules: [UDP Query User{DF99DA16-8948-4615-95D4-925103814143}C:\program files (x86)\littlefighter2\lf2_v2.0a\lf2.exe] => (Block) C:\program files (x86)\littlefighter2\lf2_v2.0a\lf2.exe
FirewallRules: [{6166304C-0918-4A2C-B186-787BB734CA57}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{62B998CD-7BF9-42C8-94A9-C6721C6F811C}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{13BEC4B5-F1EC-4E3C-91DA-653CA7217439}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{5BDA445B-D5BC-4984-924A-A3154ACB5C22}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{37702035-654F-4192-B13F-DC81AB3F34CF}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{53F628E4-5350-477A-ACA4-91FB48D4E959}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{917D8325-C572-445C-B891-FAE92234DFD3}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{31A8294B-5710-40F2-A357-43106F26D809}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{4645740F-1924-4FFF-88F0-24487CF254DD}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [{E3E27CB1-83AF-46B2-951B-0D9B57A415E1}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [{F8B1E6F7-B20B-4E5E-A363-D39449AE8522}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{76A5906B-B8A9-43F5-A35F-5D565FB26DF5}C:\program files\java\jdk1.7.0_07\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_07\bin\java.exe
FirewallRules: [UDP Query User{606BFF00-3EB5-425A-913E-45FDEBA0D874}C:\program files\java\jdk1.7.0_07\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_07\bin\java.exe
FirewallRules: [{5326642D-CC4A-45E7-92FD-ACFFD72A721D}] => (Block) C:\program files\java\jdk1.7.0_07\bin\java.exe
FirewallRules: [{145B05AD-9E60-435B-9A1C-470CFE00710B}] => (Block) C:\program files\java\jdk1.7.0_07\bin\java.exe
FirewallRules: [TCP Query User{C3BC0FC4-DCDE-4235-A485-F26D640B2623}C:\program files\xampp\apache\bin\httpd.exe] => (Allow) C:\program files\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{BC61114A-FEA8-4C7F-998D-388F4284BB45}C:\program files\xampp\apache\bin\httpd.exe] => (Allow) C:\program files\xampp\apache\bin\httpd.exe
FirewallRules: [{63A1BFC1-E0DD-4906-BCD0-2DA69240226D}] => (Block) C:\program files\xampp\apache\bin\httpd.exe
FirewallRules: [{20DA3170-7906-48BB-867F-BAF98CCB6136}] => (Block) C:\program files\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA726E23-781B-4932-B0B0-88A5405A2138}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{E2BA404E-7291-4062-97E6-1214F5E53E85}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{06A64801-E76F-49A4-85AB-55646D0EAFE4}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{0E765B6E-D364-4F45-AD65-4AFDF473C534}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A4B2EC94-BE02-4E72-BE84-65CB385D29E7}] => (Allow) C:\Users\Yu Zheng\AppData\Roaming\WIN10HELPER.EXE
FirewallRules: [TCP Query User{96AF26A2-E806-4173-A49F-5BC86BC52493}C:\program files (x86)\heroes of might and magic 2 gold\dosbox\dosbox.exe] => (Block) C:\program files (x86)\heroes of might and magic 2 gold\dosbox\dosbox.exe
FirewallRules: [UDP Query User{598C64D1-72FE-4433-ADDA-1CE839E2B237}C:\program files (x86)\heroes of might and magic 2 gold\dosbox\dosbox.exe] => (Block) C:\program files (x86)\heroes of might and magic 2 gold\dosbox\dosbox.exe
FirewallRules: [TCP Query User{D8407790-1B2C-4BB2-BEDF-7DAFAB57D7F8}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Block) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [UDP Query User{F2CF8A28-C22B-453C-A46B-15E19080970B}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Block) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [TCP Query User{33A9DAFD-3D43-4929-BF95-08CC18F50121}C:\program files (x86)\starcraft\starcraft.exe] => (Block) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{64E161FB-78B2-463C-98EB-70444C8AE481}C:\program files (x86)\starcraft\starcraft.exe] => (Block) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [TCP Query User{43178190-6DCD-47E6-A5F9-EB1C69E651F3}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{7BD77955-C7AC-4BB1-9600-84AD0823510C}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{4193CCB2-FDEB-44F4-84D2-26962DA76B6D}] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{B7C6E54A-1770-4B4E-8C03-1F8F12D18CB3}] => (Block) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{4D2E1D38-130B-4B18-8D2E-62BF3FA74A31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfs
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryptio
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryptio
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMg
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmng
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfs
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryptio
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryptio
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMg
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmng

==================== Restore Points =========================

24-02-2017 14:39:04 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2017 10:57:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2017 04:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2017 03:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1d0c
Start Time: 01d28e6ff118ee28
Termination Time: 200
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Report Id: 10a23b98-fa64-11e6-9d2c-60d819ebe2f0

Error: (02/24/2017 03:21:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hmpalert.exe, version: 3.6.3.586, time stamp: 0x589db2fd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x390
Faulting application start time: 0x01d28e55d03bb669
Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: cdc1cb01-fa61-11e6-9d2c-60d819ebe2f0

Error: (02/24/2017 01:52:01 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,29,...) [hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. ].
Operation: Query volumes supported by this provider
Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Snapshot Context: 29

Error: (02/24/2017 01:52:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{2efa2760-91d6-11e1-8f9f-60d819ebe2f0}\'. hr = 0x8000ffff, Catastrophic failure .

Error: (02/24/2017 12:25:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2017 11:29:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2017 07:55:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: VBScript.dll, version: 5.8.9600.17041, time stamp: 0x53182b95
Exception code: 0xc0000005
Fault offset: 0x00037ff9
Faulting process id: 0x1078
Faulting application start time: 0x01d28e30366c11eb
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SysWow64\VBScript.dll
Report Id: 90087d29-fa23-11e6-a59c-60d819ebe2f0

Error: (02/24/2017 07:05:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/25/2017 02:42:00 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 02:41:59 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 02:41:58 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 02:41:40 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 02:41:39 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 01:20:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/25/2017 12:49:18 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 12:49:17 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 12:49:16 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2017 12:02:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
Date: 2013-04-18 14:20:42.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-18 14:20:42.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 09:22:58.111
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 09:22:58.095
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 00:54:07.158
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 00:54:07.142
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-16 16:23:03.172
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-16 16:23:03.172
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-16 00:57:07.797
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-16 00:57:07.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\QQPCHelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 8096.49 MB
Available physical RAM: 4439.1 MB
Total Virtual: 16191.16 MB
Available Virtual: 11839.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.33 GB) (Free:136.84 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.48 GB) (Free:20.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 475EA825)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt ============================
  4. Sorry, perhaps you can ignore my previous remark on the deletion of contents in the "back up" folder. The folder could have been emptied before the infection. The folder was created by another program. In that case, I shall unquarantine all the .hta files quarantined by Zemana, and I guess I shall place the respective (.hta, .txt, .png) files together with their corresponding encrypted files. Yes, can you help me to run FRST? Thank you so much for all your help and support. Nothing in the past decade of my life has been worse than yesterday, when I got infected.
  5. Hi Aura, thank you very much for your reply. I have a few more questions which I hope you can help me out with. 1) Until now, I dare not plug any thumb drive / portable hard disk into my laptop. I was afraid they might get infected as well. But you mentioned Cerber will remove itself, so is it already safe to plug in any removable storage now, and should I feel safe to use my laptop just like before the infection? 2) I plan to keep all my encrypted files and wait for a decryptor to be created one day. Other than the encrypted files, are there any other files which could possibly hold the details of the private key that I should keep as well? ( a) I read that some json files may hold the key. b) Should I keep/delete all the .hta files generated by Cerber? Are they dangerous? ) P.S.: I am willing to do my part to help the team by providing any files/info they need to fight this ransomware. This Cerber variant also seems capable of deleting all the files which reside within any folder whose name contains "back up".
  6. Hi, today I just got my laptop infected with Cerber. All encrypted files had an extension of 4 alphanumeric characters. After scanning my computer with Malwarebytes, HitmanPro and Zemana, the only malicious file that was detected is "a.exe", which resides in %appdata%. Since all the anti-malware software only detected one single malicious file, I was afraid there were other residual files or registry entries left behind by Cerber that remained undetected. I have already quarantined the malicious "a.exe". What I want to know is: 1) Can I assume my laptop is already free of Cerber (after I quarantine that one single file)? 2) My D: drive, which Lenovo uses for One-Key Recovery, is also affected. If I use the One-Key Recovery to restore to my last restore point, will that be able to remove Cerber? 3) Is Cerber capable of infecting the kernel so that after reformatting, it may still re-infect the laptop?