
Thread: Endless Pop-Up Attack, Blocked by antivirus

  #1 Junior Member (Join Date: Oct 2016, Posts: 6)

    Endless Pop-Up Attack, Blocked by antivirus

    Hello, seeking help to remove this relentless pop-up virus/trojan that seems to originate from a folder inside Users\AppData\Roaming and keeps coming back. The notebook belonged to a friend and she has no idea how it got infected, as she hardly installs anything new and has been using the same set of software for years.

    As requested in the removal requirements, here's the relevant log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Ran by cheesan2000 (administrator) on CHEESAN (24-10-2016 01:36:06)
    Running from C:\Users\cheesan2000\Desktop\Download
    Loaded Profiles: cheesan2000 (Available Profiles: cheesan2000)
    Platform: Windows 8 Single Language (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (乐视网信息技术(北京)股份有限公司) C:\Program Files (x86)\Letv\LeService.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
    (北京微梦创科网络技术有限公司) C:\Windows\SysWOW64\Weibo.exe
    (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (乐视网信息技术(北京)股份有限公司) C:\Users\cheesan2000\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe
    (youku.com) C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-08-01] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-01] (Realtek Semiconductor)
    HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-24] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [LManager] => [X]
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKLM-x32\...\Run: [tasktk] => C:\Users\cheesan2000\AppData\Roaming\iy\tasktk.exe [125776 2014-09-08] ()
    HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [2970688 2015-08-31] (youku.com)
    HKLM-x32\...\Run: [AvgUi] => start
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xB5000000
    ShellIconOverlayIdentifiers: [ YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-09-01] (Youku.com)
    ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(305).dll [2013-08-20] (深圳市迅雷网络技术有限公司)
    ShellIconOverlayIdentifiers: [Abborrowing] -> {FC5A372E-6480-48AB-A861-2E873D86F6FC} => C:\Users\cheesan2000\AppData\Roaming\Arefresh\Abborrowing.dll [2016-08-07] (Accelerate )
    ShellIconOverlayIdentifiers-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\coreplay.dll [2015-09-01] (Youku.com)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-10-24]
    ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    Startup: C:\Users\cheesan2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-24]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\cheesan2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.lnk [2016-10-24]
    ShortcutTarget: The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.lnk -> C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{1E85678C-223E-4167-8BC6-EF313FE9FE24}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{1E85678C-223E-4167-8BC6-EF313FE9FE24}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D1D92323-9D0B-4FB8-8879-AD16DF4A773F}: [NameServer] 202.205.112.100,202.205.112.99
    Tcpip\..\Interfaces\{E9E47CBA-1998-43EA-9D8F-D98DA058F05A}: [DhcpNameServer] 192.168.42.129
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> DefaultScope {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C5EB2D8A-5E0C-4ED9-BF89-21428AEA07E1}&mid=120c45f7b53347d39dc4f123cc14a9de-0dfc6ff2e7a1014cd5e03bcd4fab8990efdbecee&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-05-18 18:50:43&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation)
    BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-09-01] (Youku.com)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
    BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\ykcool.dll [2015-09-01] (Youku.com)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
    DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive204.dll
    DPF: HKLM-x32 {1FAF427B-1EE5-43D3-A023-3009142AFCD9} hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbb.cab
    DPF: HKLM-x32 {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab
    DPF: HKLM-x32 {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB113} hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csw25.cab
    DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB124} hxxps://ost.maybank2u.com.my/MBBWecos/UpdateCab/cswbt_bts2.cab
    DPF: HKLM-x32 {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} hxxp://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
    DPF: HKLM-x32 {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} hxxps://www.isaackorea.net/update/ansim/ilkactx.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\cheesan2000\AppData\Roaming\Mozilla\Firefox\Profiles\r9pjlnvo.default-1445789977050 [2016-10-24]
    FF Homepage: Mozilla\Firefox\Profiles\r9pjlnvo.default-1445789977050 -> about:home
    FF Extension: (Firefox Hotfix) - C:\Users\cheesan2000\AppData\Roaming\Mozilla\Firefox\Profiles\r9pjlnvo.default-1445789977050\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-20]
    FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-07-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-08-18] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-08-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
    FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\cheesan2000\funshion\funshiontools\npFunshion.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
    FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
    FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [2013-07-06] (ShenZhen Thunder Networking Technologies, LTD)
    FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2247952248-501301587-607099746-1001: @xtxapp.com/appcombroker -> C:\Program Files (x86)\CertAppEnv\Program\npxtxhost.dll [No File]
    FF Plugin HKU\S-1-5-21-2247952248-501301587-607099746-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
    FF Plugin HKU\S-1-5-21-2247952248-501301587-607099746-1001: none.com/Base -> C:\Program Files (x86)\Letv\npBase.dll [2015-07-09] (letv)
    FF Plugin HKU\S-1-5-21-2247952248-501301587-607099746-1001: youku.com/YoukuAgent -> C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-05-13] (Youku)
    FF Plugin HKU\S-1-5-21-2247952248-501301587-607099746-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-05-13] (Youku)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default [2016-10-24]
    CHR Extension: (Google Slides) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
    CHR Extension: (Google Docs) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-11]
    CHR Extension: (Google Drive) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
    CHR Extension: (YouTube) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11]
    CHR Extension: (Google Search) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
    CHR Extension: (Google Sheets) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
    CHR Extension: (Google Docs Offline) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-28]
    CHR Extension: (Gmail) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-11]
    CHR Extension: (Chrome Media Router) - C:\Users\cheesan2000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-06] (Acer Incorporated)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-09-18] (ELAN Microelectronics Corp.)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
    R2 LeService; C:\Program Files (x86)\Letv\LeService.exe [190120 2015-07-09] (乐视网信息技术(北京)股份有限公司)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-11] (Dritek System INC.)
    R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
    R2 Weibo; C:\Windows\SysWOW64\Weibo.exe [2169032 2015-05-11] (北京微梦创科网络技术有限公司)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-07] (Microsoft Corporation)
    S2 BDKVRTP; "C:\Program Files (x86)\Baidu\BaiduSd\3.0.2.3\BaiduSdSvc.exe" -r [X]
    S2 vToolbarUpdater40.1.8; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
    R2 PassGuard; C:\Windows\system32\drivers\PassGuard_x64.sys [111416 2014-12-27] ()
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-11] (Dritek System Inc.)
    U0 tvfi; C:\Windows\System32\drivers\prqerkh.sys [79064 2016-10-24] (Malwarebytes)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-24 01:35 - 2016-10-24 01:36 - 00000000 ____D C:\FRST
    2016-10-24 01:35 - 2016-10-24 01:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CHEESAN-Windows-8-Single-Language-(64-bit).dat
    2016-10-24 01:34 - 2016-10-24 01:34 - 00002199 _____ C:\Users\cheesan2000\Desktop\Tweaking.com - Registry Backup.lnk
    2016-10-24 01:34 - 2016-10-24 01:34 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-10-24 01:34 - 2016-10-24 01:34 - 00000000 ____D C:\RegBackup
    2016-10-24 01:34 - 2016-10-24 01:34 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-10-24 01:33 - 2016-10-24 01:33 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\prqerkh.sys
    2016-10-24 01:29 - 2016-10-24 01:36 - 00000000 ____D C:\Users\cheesan2000\Desktop\Download
    2016-10-24 01:29 - 2016-10-24 01:34 - 00018201 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2016-10-24 00:59 - 2016-10-24 00:59 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Hua1006
    2016-10-24 00:38 - 2016-10-24 00:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-24 00:37 - 2016-10-24 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-10-24 00:37 - 2016-10-24 00:37 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-10-24 00:37 - 2016-10-24 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-10-24 00:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-10-24 00:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-10-24 00:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-10-24 00:35 - 2016-10-24 00:37 - 22851472 _____ (Malwarebytes ) C:\Users\cheesan2000\Downloads\mbam-setup-2.2.1.1043.exe
    2016-10-20 19:16 - 2016-10-20 19:16 - 00005092 _____ C:\Users\cheesan2000\Desktop\Receipt si.pdf
    2016-10-01 14:38 - 2016-10-20 18:47 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2016-09-26 18:19 - 2016-09-26 18:19 - 00254208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-24 01:34 - 2015-11-25 23:25 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-24 01:34 - 2015-11-25 23:25 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-24 01:34 - 2015-11-25 23:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-10-24 01:34 - 2015-11-21 00:35 - 00000978 _____ C:\Users\Public\Desktop\AVG.lnk
    2016-10-24 01:34 - 2014-10-16 08:01 - 00000823 _____ C:\Users\cheesan2000\Desktop\µTorrent.lnk
    2016-10-24 01:34 - 2014-09-23 19:23 - 00001969 _____ C:\Users\Public\Desktop\MultiBank Terminal PRO.lnk
    2016-10-24 01:34 - 2014-04-21 22:30 - 00000968 _____ C:\Users\cheesan2000\Desktop\Chee San - Shortcut.lnk
    2016-10-24 01:34 - 2014-04-13 20:04 - 00001713 _____ C:\Users\cheesan2000\Desktop\Skype - Shortcut.lnk
    2016-10-24 01:34 - 2014-02-27 17:27 - 00001861 _____ C:\Users\cheesan2000\Desktop\Microsoft Office 2013 - Shortcut.lnk
    2016-10-24 01:34 - 2014-02-27 17:27 - 00001544 _____ C:\Users\cheesan2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013.lnk
    2016-10-24 01:34 - 2014-02-03 12:34 - 00001012 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
    2016-10-24 01:34 - 2013-05-18 22:23 - 00001404 _____ C:\Users\cheesan2000\Desktop\Internet Explorer (2).lnk
    2016-10-24 01:34 - 2013-05-01 17:05 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-10-24 01:34 - 2013-05-01 17:05 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-10-24 01:34 - 2013-03-09 18:26 - 00001990 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
    2016-10-24 01:34 - 2013-03-03 22:35 - 00001103 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    2016-10-24 01:34 - 2013-03-03 22:22 - 00001121 _____ C:\Users\cheesan2000\Desktop\FastStone Photo Resizer.lnk
    2016-10-24 01:34 - 2013-03-03 07:00 - 00000882 _____ C:\Users\cheesan2000\Desktop\Downloads.lnk
    2016-10-24 01:34 - 2013-03-03 06:59 - 00001410 _____ C:\Users\cheesan2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-10-24 01:34 - 2013-03-02 22:06 - 00001387 _____ C:\Users\cheesan2000\Desktop\Kingsoft Spreadsheets.lnk
    2016-10-24 01:34 - 2013-03-02 19:37 - 00001135 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2016-10-24 01:34 - 2013-03-02 19:28 - 00001130 _____ C:\Users\cheesan2000\Desktop\Foxit Reader.lnk
    2016-10-24 01:33 - 2016-06-27 17:44 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Arefresh
    2016-10-24 01:33 - 2013-03-03 06:58 - 00000000 ____D C:\Users\cheesan2000
    2016-10-24 01:33 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\Performance
    2016-10-24 01:32 - 2016-07-25 23:36 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\funspeed
    2016-10-24 01:32 - 2016-02-11 13:53 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Ahoweverd
    2016-10-24 01:32 - 2016-02-06 20:34 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Aanothe
    2016-10-24 01:32 - 2015-03-12 21:57 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\FunUninstall
    2016-10-24 01:32 - 2014-11-19 13:30 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\FunTV
    2016-10-24 01:32 - 2014-07-26 19:56 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\Funshion
    2016-10-24 01:32 - 2014-07-26 19:56 - 00000000 ____D C:\Users\cheesan2000\AppData\Roaming\CloudMedia
    2016-10-24 01:32 - 2014-07-26 15:04 - 00000000 ___HD C:\Users\Public\Fundata
    2016-10-24 01:32 - 2014-02-27 17:21 - 00000000 ____D C:\Program Files\KMSnano
    2016-10-24 01:32 - 2014-01-25 17:23 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter
    2016-10-24 01:28 - 2012-07-26 16:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-24 01:25 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\tracing
    2016-10-24 01:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2016-10-24 01:04 - 2015-11-25 23:24 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-24 00:58 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\migwiz
    2016-10-24 00:38 - 2013-03-02 20:00 - 00000000 ____D C:\ProgramData\MFAData
    2016-10-24 00:38 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2016-10-24 00:23 - 2016-05-04 21:55 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
    2016-10-24 00:23 - 2015-11-25 23:24 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-24 00:23 - 2015-05-21 18:37 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-10-24 00:23 - 2013-03-17 17:17 - 00000000 _____ C:\Users\cheesan2000\AppData\LocalLow\ChangeTaskbarRect
    2016-10-24 00:03 - 2014-03-02 15:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2016-10-24 00:03 - 2012-10-24 05:41 - 00053284 _____ C:\Windows\system32\wpbbin.exe
    2016-10-24 00:03 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-23 12:19 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-10-23 11:29 - 2015-01-22 13:23 - 00000000 ____D C:\ProgramData\ProductData
    2016-10-21 18:19 - 2012-07-26 15:59 - 00000000 ____D C:\Windows\CbsTemp
    2016-10-21 18:07 - 2013-03-02 22:12 - 00000000 ____D C:\Users\cheesan2000\AppData\Local\CrashDumps
    2016-10-20 19:04 - 2014-02-27 17:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-10-20 18:53 - 2014-04-04 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-10-17 19:32 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\Inf
    2016-10-16 11:46 - 2015-11-25 23:24 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-10-01 14:47 - 2015-12-13 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

    ==================== Files in the root of some directories =======

    2013-03-09 19:16 - 2007-09-08 23:44 - 1623104 _____ (Acro Software Inc. ) C:\Program Files (x86)\CuteWriter.exe
    2013-03-09 19:16 - 2006-10-06 22:50 - 0042528 _____ () C:\Program Files (x86)\mp3DirectCut.exe
    2014-10-16 08:00 - 2014-10-16 08:00 - 1918032 _____ (BitTorrent Inc.) C:\Program Files (x86)\uTorrent3.4.2.34537.1412752566.exe
    2014-12-27 23:27 - 2014-12-27 23:27 - 0001078 _____ () C:\Users\cheesan2000\AppData\Roaming\base64.cer
    2014-02-03 13:19 - 2014-02-03 14:13 - 0000435 _____ () C:\Users\cheesan2000\AppData\Roaming\burnaware.ini
    2014-06-05 17:48 - 2015-01-20 15:23 - 0007168 _____ () C:\Users\cheesan2000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-30 10:55 - 2015-09-17 23:25 - 0000032 _____ () C:\Users\cheesan2000\AppData\Local\temp.tmp
    2013-01-11 19:47 - 2013-01-11 19:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\cheesan2000\AppData\Local\Temp\36058D9.tmp360net.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360InI.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081150790857.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081391763997.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081736955343.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081870066989.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08229528752.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08564745005.exe
    C:\Users\cheesan2000\AppData\Local\Temp\COMAP.EXE
    C:\Users\cheesan2000\AppData\Local\Temp\converter.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dfsrf_updsp.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dl_peer_id.dll
    C:\Users\cheesan2000\AppData\Local\Temp\downloader.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiselrh.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Reader Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\oi_{1BEEC320-EF8D-4EE9-94C3-17C614781836}.exe
    C:\Users\cheesan2000\AppData\Local\Temp\PidGenX.dll
    C:\Users\cheesan2000\AppData\Local\Temp\RegHidDevice.dll
    C:\Users\cheesan2000\AppData\Local\Temp\setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1406375812_Greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1416375037_greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\UNINSTALL.exe
    C:\Users\cheesan2000\AppData\Local\Temp\W.P.S.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\XmpSetupHelper.dll
    C:\Users\cheesan2000\AppData\Local\Temp\YSDQSetup-xmp.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-15 09:20

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by cheesan2000 (24-10-2016 01:38:10)
    Running from C:\Users\cheesan2000\Desktop\Download
    Windows 8 Single Language (X64) (2013-03-02 22:58:43)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2247952248-501301587-607099746-500 - Administrator - Disabled)
    cheesan2000 (S-1-5-21-2247952248-501301587-607099746-1001 - Administrator - Enabled) => C:\Users\cheesan2000
    Guest (S-1-5-21-2247952248-501301587-607099746-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
    Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3007 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
    AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
    AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
    AVG (Version: 16.121.7859 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4447 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4842 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
    AVG Zen (Version: 1.101.4 - AVG Technologies) Hidden
    Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
    BurnAware Free 6.9.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
    clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
    clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
    Cloudy for Gmail (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
    CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
    ETDWare PS/2-X64 11.6.10.001_WHQL (HKLM\...\Elantech) (Version: 11.6.10.001 - ELAN Microelectronic Corp.)
    FastStone Image Viewer 4.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.7 - FastStone Soft)
    FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
    FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HID Monitor (HKLM-x32\...\{CA6EBB86-6C56-46FD-96B3-57A7436314AF}) (Version: 1.1.3 - Acer Incorporated)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
    KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.6 - Acer Inc.)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MultiBank Terminal PRO (HKLM-x32\...\MultiBank Terminal PRO) (Version: 4.00 - MetaQuotes Software Corp.)
    MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
    Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27028 - Realtek Semiconductor Corp.)
    SalePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version: - ) <==== ATTENTION
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.3.0.0 - IObit)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
    Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team)
    WinRAR 5.00 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.5 - win.rar GmbH)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
    乐视视频 V7.3.1.60 (HKLM-x32\...\乐视视频) (Version: V7.3.1.60 - 乐视网信息技术(北京)股份有限公司.)
    优酷 (HKLM-x32\...\YoukuClient) (Version: 6.6.4.8311 - youkutudou, Inc.)
    谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)
    风行视频加速器 (HKLM-x32\...\FunAccelerator) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cheesan2000\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\cheesan2000\AppData\Local\Kingsoft\WPS Office\9.1.0.4994\office6\qingshellext64.dll => No F (the data entry has 3 more characters).

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2980FB8D-A540-42B2-99A6-42D09868F437} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
    Task: {353869C8-31DA-425A-8AAE-A91E0D6CC717} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-05] (CyberLink)
    Task: {37469A66-CEC8-4787-8F68-A7DC60C85D3D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-17] (Microsoft Corporation)
    Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {3C6C44A6-654F-4A90-A491-42FBB8EDC69C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage -> No File <==== ATTENTION
    Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {577DF235-9C7E-4A4F-AE59-16B5CB695160} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {5E1ED4C5-3F92-4698-AE82-CA6AEBAB03A8} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
    Task: {62AA9BFB-5F8A-4FED-AD70-ABAE8F516C49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
    Task: {705758AC-DC37-4B8D-9DC2-F969892D7B58} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-09-29] (IObit)
    Task: {710D1009-6505-40D8-8D83-962A1985732C} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
    Task: {75BDE221-F4CB-4CAE-9161-C0297F2700FD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {76302546-EC1E-40BE-AFDF-87ECAA67A02B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
    Task: {7B8FAC18-F5B9-4E6E-B145-5439B9FCD6E3} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {7D332F91-B5C9-4F6B-AF97-CEE7660A3E16} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
    Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {8D99A998-0B74-45D5-BC23-006B8C51B906} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2013-03-06] (Google Inc.) <==== ATTENTION
    Task: {909EF2D8-C14F-405C-9B13-3CA79A44463E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
    Task: {92E1EBD0-7106-4235-BFD2-C857E7AC5FC5} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-06] (Acer Incorporated)
    Task: {93DA7C53-1D03-452C-B165-2430787DF069} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {A01CDD7D-2FB4-4689-8598-9FA9CFF71706} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_AVG-Secure-Search-Update_0615tb.exe
    Task: {A61946CA-DE81-4003-8717-D25B56D1C2BB} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
    Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask -> No File <==== ATTENTION
    Task: {ADAE2B69-DF40-4C58-93B4-31AF13C94048} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
    Task: {BDB55F61-DAA1-4CF8-BD70-018FC00C641D} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
    Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CE0B2787-40DD-4031-B6E4-54818A6F8747} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-27] ()
    Task: {CF050D4E-F168-4EEA-B850-463608779D2D} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
    Task: {E67BB8DA-41A7-472E-8014-9DA0215F7941} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\RoamingTiles\7692675940.lnk -> hxxp://www.google.com.my/

    ShortcutWithArgument: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7692675940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x990269a0 -pinnedTimeHigh 0x01ce17ac -securityFlags 0x00000000 -url 0x00000019 hxxp://www.google.com.my/

    ==================== Loaded Modules (Whitelisted) ==============

    2013-03-09 20:02 - 2007-07-12 22:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
    2012-08-24 06:02 - 2012-08-24 06:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-09-17 23:24 - 2015-08-25 16:29 - 00707112 _____ () C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\X64\cmc64.dll
    2012-06-22 10:12 - 2012-06-22 10:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
    2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
    2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    2012-08-23 07:04 - 2012-08-23 07:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    2012-08-23 07:04 - 2012-08-23 07:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    2015-01-22 13:23 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2012-08-23 14:26 - 2012-08-23 14:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    2012-08-23 14:25 - 2012-08-23 14:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
    2012-08-23 14:26 - 2012-08-23 14:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
    2012-08-23 14:25 - 2012-08-23 14:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
    2012-08-23 14:25 - 2012-08-23 14:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
    2012-08-23 14:25 - 2012-08-23 14:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
    2012-08-23 14:26 - 2012-08-23 14:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
    2013-03-17 17:14 - 2013-09-29 19:05 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
    2013-03-17 17:14 - 2013-09-29 19:05 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
    2013-03-17 17:14 - 2013-09-29 19:05 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
    2013-01-11 19:45 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-08-24 06:02 - 2012-08-24 06:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-08-25 16:28 - 2015-08-25 16:28 - 00587304 _____ () C:\Users\cheesan2000\AppData\Roaming\ytmediacenter\cmc.dll
    2013-10-19 10:38 - 2013-09-29 19:05 - 00040256 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
    2015-07-09 15:18 - 2015-07-09 15:18 - 00308392 _____ () C:\Users\cheesan2000\AppData\Roaming\Letv\AfterPlay\curllib.dll
    2015-07-09 15:18 - 2015-07-09 15:18 - 00305832 _____ () C:\Users\cheesan2000\AppData\Roaming\Letv\AfterPlay\CommDll.dll
    2015-07-09 15:17 - 2015-07-09 15:17 - 00514216 _____ () C:\Users\cheesan2000\AppData\Roaming\Letv\AfterPlay\DuiLib.dll
    2015-12-13 12:55 - 2016-04-17 01:55 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\95516.com -> hxxps://www.95516.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\95516.net -> hxxps://95516.net
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\alipay.com -> hxxps://alipay.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\alipay.com -> hxxp://alipay.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\alisoft.com -> hxxps://alisoft.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\alisoft.com -> hxxp://alisoft.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\taobao.com -> hxxps://taobao.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\taobao.com -> hxxp://taobao.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\unionpay.com -> hxxps://online.unionpay.com
    IE trusted site: HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\unionpaysecure.com -> hxxps://unionpaysecure.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2247952248-501301587-607099746-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg
    DNS Servers: 208.67.222.222 - 208.67.220.220
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
    HKLM\...\StartupApproved\Run: => "BtPreLoad"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "AVG_UI"
    HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "VideoDownloadConverter EPM Support"
    HKLM\...\StartupApproved\Run32: => "VideoDownloadConverter_4z Browser Plugin Loader 64"
    HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "tasktk"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\StartupFolder: => "启动飞速土豆.lnk"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => ""
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "KiesAirMessage"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0913b"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "FS23"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\...\StartupApproved\Run: => "HunanTV"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{28878431-1C86-41A7-BB54-020DC538777E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{BF94936D-C70A-4101-BF20-21B8882FB804}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{5F489EF1-2E4F-4B94-8703-1A968110D8BD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
    FirewallRules: [{EF5B2A2B-FE17-46D8-9DE6-29962400E36D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    FirewallRules: [{29D5ECAC-44EF-4B0D-A7B6-37B0211448B2}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
    FirewallRules: [{B4575AFD-9F9F-4C1D-B8B0-1434AC170F31}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
    FirewallRules: [{2B3F65A4-E525-4381-8AB9-CF0CDE10710A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
    FirewallRules: [{9330932E-9801-4EBA-84F9-43640F68F1B1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
    FirewallRules: [{DDD7E425-297C-43C3-9F92-16CF18BE3AB6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
    FirewallRules: [{D53E77B8-6B78-4851-B369-6FE37B5E9C48}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
    FirewallRules: [{7000D00F-2C20-48D3-A4AA-D93D8D291947}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
    FirewallRules: [{4728AC63-FF4E-4B72-886A-7F5532082212}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
    FirewallRules: [{4A7A1DB7-3BFD-40E2-8106-3C0F6C4C2E06}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
    FirewallRules: [{9F0310B5-B7FD-409E-91F2-46AAF85E6954}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
    FirewallRules: [{2628D6B7-853B-47B5-A93F-B564177153F9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
    FirewallRules: [{237D7DC0-135C-4696-85C8-DBAFA152AE4B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
    FirewallRules: [{56AE373E-241A-4746-91CA-435757153DC9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
    FirewallRules: [{A76EA8C8-96CD-43B7-9B1D-26029CB0C0B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
    FirewallRules: [{56889E25-1FA5-4AA7-BB9C-B623A734044C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{E6819424-6E95-49FF-8DBB-0692A83ED0C8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{5A6E1F11-91FE-4D9E-873E-292C71928FC3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{A3A57CB0-ACFD-4AE5-9D75-0EC9978A941A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{23415CC0-9D4F-47AA-97F3-6BB22E92CA7E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{69774AAE-07F9-4151-97B2-73C09FD60219}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [TCP Query User{F06714BB-9C22-497F-AB09-D549EB212BF9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{8D12A158-EB46-45B4-A92D-7C827C2A2BE7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{246B4501-DCDB-458B-ADDD-0D3D52797CF6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{4B127EB8-5254-48B2-96E4-257209388692}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{E9464FFE-2567-47A6-A779-2E82D9910606}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{EA5EE077-5ACC-4A4D-8A1D-1A586D0BE672}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{04902624-F50E-473F-BD4F-C1DAEBEF2A5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{A78B1608-EBC0-48C2-8DB0-4A29AF7F663E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{EA59728B-5A49-4A00-BE62-8ED7BFC2784F}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
    FirewallRules: [{205E2357-9E94-44DE-8BF2-23E005FAD317}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
    FirewallRules: [TCP Query User{DBBE6E53-4059-4EC8-BF54-AE4FB63ECB23}F:\fg737p.exe] => (Allow) F:\fg737p.exe
    FirewallRules: [UDP Query User{BAB273A9-F2B2-4278-B36C-159C11936E46}F:\fg737p.exe] => (Allow) F:\fg737p.exe
    FirewallRules: [TCP Query User{531E22CC-2050-4BC6-8E36-B2D03FCC11A9}F:\fg742p.exe] => (Allow) F:\fg742p.exe
    FirewallRules: [UDP Query User{B1C6D64E-3426-4E03-B397-3F33938CC9AF}F:\fg742p.exe] => (Allow) F:\fg742p.exe
    FirewallRules: [TCP Query User{55CA158F-D799-44F8-97DA-38BA88721B74}C:\users\cheesan2000\downloads\fg742p.exe] => (Allow) C:\users\cheesan2000\downloads\fg742p.exe
    FirewallRules: [UDP Query User{FBEDA804-B299-489A-A48F-52B236108BF5}C:\users\cheesan2000\downloads\fg742p.exe] => (Allow) C:\users\cheesan2000\downloads\fg742p.exe
    FirewallRules: [TCP Query User{45A01888-BE1B-4A90-884A-00D4C7971517}C:\users\cheesan2000\downloads\fg742p.exe] => (Block) C:\users\cheesan2000\downloads\fg742p.exe
    FirewallRules: [UDP Query User{1AB2A143-7DF5-44E1-8B88-AE1ED9ED6434}C:\users\cheesan2000\downloads\fg742p.exe] => (Block) C:\users\cheesan2000\downloads\fg742p.exe
    FirewallRules: [TCP Query User{4991C9E0-265C-4248-AA34-A5EE7D5068FA}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{BC2E5AAB-F5A6-4888-8BBC-B732F35DD6BD}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{F92054F3-175C-4FA5-8EB1-FBFEDC07087B}C:\program files (x86)\cntv\cbox\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\cbox.exe
    FirewallRules: [UDP Query User{18A585C5-23C9-49A8-82B0-90E2EFE5AC29}C:\program files (x86)\cntv\cbox\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\cbox.exe
    FirewallRules: [TCP Query User{CC0B4F30-DB6E-4D9F-B07B-EC2E8406E185}C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe
    FirewallRules: [UDP Query User{721ED3F3-0E94-4770-B231-CA1B9DCC923C}C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe
    FirewallRules: [{004C0A6E-FB01-4CA2-BD4D-D214E0ABB5C8}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BDRJDL.exe
    FirewallRules: [{DA9F0B21-118C-4899-B669-E19B899414C3}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BDRJDL.exe
    FirewallRules: [{1F38B8C8-A9B9-4CA4-ADB1-41E8DA52AEAE}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BDRJDL.exe
    FirewallRules: [{18DC0617-E33A-422E-B230-85672086A6FE}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BDRJDL.exe
    FirewallRules: [{E5E544FE-2243-44BE-9CA7-4ACBC59CFAD0}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BugReport.exe
    FirewallRules: [{FBBCD5C6-A6C6-4BE5-9E26-A4DF7B5C1778}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BugReport.exe
    FirewallRules: [{D255199B-D282-4E9F-AF4C-0BEE53B3780F}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BugReport.exe
    FirewallRules: [{E079F413-F923-4ECC-8AC2-4A086CC5E98A}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\BugReport.exe
    FirewallRules: [{7703FB34-002B-4277-ADA8-B57624FC5EF6}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\uninstaller.exe
    FirewallRules: [{44A5BA87-7920-4032-8575-EDBC0B140BEB}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\uninstaller.exe
    FirewallRules: [{80E1624B-2060-480C-AB85-0F478470B02E}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\uninstaller.exe
    FirewallRules: [{B764EEF1-8657-4665-A331-3543C032C152}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\uninstaller.exe
    FirewallRules: [TCP Query User{746AFE0B-5684-4611-AF7F-9DBF561654A2}C:\program files (x86)\funshion online\3.0.1.29\funshionservice.exe] => (Allow) C:\program files (x86)\funshion online\3.0.1.29\funshionservice.exe
    FirewallRules: [UDP Query User{0F05E3AA-F5A8-4A03-B17E-594A2207B744}C:\program files (x86)\funshion online\3.0.1.29\funshionservice.exe] => (Allow) C:\program files (x86)\funshion online\3.0.1.29\funshionservice.exe
    FirewallRules: [{6BCE6015-14F8-4806-99D2-4B55393A6267}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\fsbrowser\BaiduBrowserOnlineSetupSilent-401-ftn_30000027.exe
    FirewallRules: [{141D7945-80D6-44AC-A19D-186721AD5EC8}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\fsbrowser\BaiduBrowserOnlineSetupSilent-401-ftn_30000027.exe
    FirewallRules: [{868C1738-D1C7-4712-A0C9-255B8B896B6F}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\fsbrowser\BaiduBrowserOnlineSetupSilent-401-ftn_30000027.exe
    FirewallRules: [{7B69E8DB-9B36-4F46-8525-B85465616032}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\fsbrowser\BaiduBrowserOnlineSetupSilent-401-ftn_30000027.exe
    FirewallRules: [{5F7E4DF3-7C70-4005-9BEA-4D284FCD2EDD}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe
    FirewallRules: [{B1255279-3757-49B1-9109-06946A64C065}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe
    FirewallRules: [TCP Query User{4742C774-07F1-46BF-8E91-C6FD990CB965}C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe] => (Block) C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe
    FirewallRules: [UDP Query User{A7054C80-618B-4BDB-8012-C52242FAC40D}C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe] => (Block) C:\users\cheesan2000\appdata\local\tudou\feisutudou\tudouva.exe
    FirewallRules: [{BED67B80-B28A-4E69-8F40-8A5F70FC5928}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{F7722B7A-7A8D-484A-912D-D8D8F53801F8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{EDE5D161-C3DA-40E0-8263-2671CB2FD2DD}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\AladdinAssistant.exe
    FirewallRules: [{4911CA9F-0426-40EA-A2EC-60296FBFAC4B}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\AladdinAssistant.exe
    FirewallRules: [{D511784A-1B58-4BF9-B5AC-4A8B99645EBC}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\AladdinAssistant.exe
    FirewallRules: [{A3644E98-1BED-461F-B946-DD6B0DC817CC}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.4\AladdinAssistant.exe
    FirewallRules: [{44FEE3A7-AE5A-4040-ADF6-4A59DF796685}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\bdswdl.exe
    FirewallRules: [{D835302F-385E-46D4-A984-70C29607AE41}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\bdswdl.exe
    FirewallRules: [{1BD9EC22-FBFE-41F6-8445-E2F073BA4D90}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\bdswdl.exe
    FirewallRules: [{B2A81AA0-9A3F-41C2-8B0D-1AEEA5092479}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\bdswdl.exe
    FirewallRules: [{752EAE24-0EEC-4716-A6D4-F6B0E93D6236}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\BugReport.exe
    FirewallRules: [{742F905F-DB62-4103-967B-1998F6EA81AC}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\BugReport.exe
    FirewallRules: [{81282C28-4672-4D5B-A6E3-54D8098FB88A}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\BugReport.exe
    FirewallRules: [{3CA45A47-2E8B-4E1B-894B-1BB262C24B86}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\BugReport.exe
    FirewallRules: [{F4AC60AB-F820-4DEE-9AF3-B92356568384}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\uninstaller.exe
    FirewallRules: [{A0B91F48-9B70-4965-A4A8-64F5C9789B72}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\uninstaller.exe
    FirewallRules: [{821E6ECB-5238-43F5-9C64-0B9BC880DBD0}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\uninstaller.exe
    FirewallRules: [{6280CF6A-15AE-4956-94C7-110068C7D345}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\uninstaller.exe
    FirewallRules: [TCP Query User{66FB22C7-54B3-4B47-B5DB-0F1CD6980C19}C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe] => (Block) C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe
    FirewallRules: [UDP Query User{E105B4B7-A101-4B1E-A164-C00F4C3663A5}C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe] => (Block) C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe
    FirewallRules: [{7E49877A-EC18-4713-A363-1130BF0A6008}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\nsf928B.tmp\tw.exe
    FirewallRules: [{1A1BE4A2-8A57-471F-A4EC-1C98C2D87AD9}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\nsf928B.tmp\tw.exe
    FirewallRules: [{2709DB1E-E4AD-408A-89CF-790C3F91E367}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\nsf928B.tmp\tw.exe
    FirewallRules: [{BC1B4465-6217-46C4-8524-5AB2B1BB1E02}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\nsf928B.tmp\tw.exe
    FirewallRules: [{4CAE61D1-D31D-4880-BA5B-F97E67AD4C79}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\107\bddownloader.exe
    FirewallRules: [{A773CF8C-1A8D-40F1-A132-0B0D17054F16}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\AladdinAssistant.exe
    FirewallRules: [{ED04F496-B1AC-4923-85CA-559D1EC8DACF}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.11\AladdinAssistant.exe
    FirewallRules: [TCP Query User{7C6EBF6E-AB27-422A-9979-ACC104686BE3}C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe] => (Block) C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe
    FirewallRules: [UDP Query User{16FA3F6B-53EF-4BBE-A3D2-875A29145C54}C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe] => (Block) C:\users\cheesan2000\appdata\roaming\iy\tasktk.exe
    FirewallRules: [{937F4E0A-3E1B-4B49-A2FD-E70E90C0E312}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{318FBCAB-A1E4-43A7-8C64-8DF60697CDAB}] => (Allow) C:\Users\cheesan2000\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D492BD6B-D5FC-4B6C-AD1D-710D55CCCDAB}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
    FirewallRules: [{ECB66BEA-0A59-492D-AA5F-9A9301BAD1B7}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
    FirewallRules: [{F3321750-8303-4E11-A6FF-5E8F904AA337}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.241_1111\thunderplatform.exe
    FirewallRules: [{F3266976-DCBD-45B1-AB3A-8D6925D719B3}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.241_1111\thunderplatform.exe
    FirewallRules: [{B97B7927-5889-451D-9FBB-FBE942625413}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
    FirewallRules: [{29F19A6D-DC48-47C8-8CE1-E5B9C5781E2C}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
    FirewallRules: [{9D1FAC0C-895B-44DB-A725-2CFA3BF61D02}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.223_1111\thunderplatform.exe
    FirewallRules: [{AFFA1830-FCCF-4746-8113-F41B85C0F4B2}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.223_1111\thunderplatform.exe
    FirewallRules: [{EBFF9258-566B-4978-BF81-E463E5F0F72C}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
    FirewallRules: [{5F26A0EC-381B-4E85-9366-635F67CD9FC3}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
    FirewallRules: [{E1A7FC5E-C158-4C9C-AF20-B047BB7D2163}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.79.exe
    FirewallRules: [{2361A47D-BC50-42D9-8573-6614408407B3}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.79.exe
    FirewallRules: [{B8017878-F1C0-46F8-8FE1-EF8EA7CB5218}] => (Allow) C:\Users\Public\Thunder Network\YSDQ\Program\YSDQ.exe
    FirewallRules: [{6AA9FD9D-ED4B-446D-8AF6-35B155EF0E4F}] => (Allow) C:\Users\Public\Thunder Network\YSDQ\Program\YSDQ.exe
    FirewallRules: [{F427C3DC-8D38-44A6-A08F-3DD11415155A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{D5599C68-6FC9-480F-A861-048C7CB5873F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{77BC6878-E6A9-4E29-9A98-153187B12B73}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{56D88A71-6764-41AF-9AA3-F493845CF1DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{C0ACBA3A-0541-4AED-85F9-8DFCB9B8E4E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [{D8D90E2A-7CE6-44F5-8707-82C717F578B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [TCP Query User{D0776747-1EA2-4770-AD57-1E13C17D4B3D}C:\users\cheesan2000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cheesan2000\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{2C5374CE-96E2-4766-A457-016408F7F17E}C:\users\cheesan2000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cheesan2000\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{043792F7-0BC4-40D2-B2E8-37E6697F765C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{14EE449E-B93D-42EA-9CDA-E7AE79FC2069}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{B12C8B29-2441-4DCA-A4B6-7F9898E06C53}C:\program files (x86)\hunantv\hunantv.exe] => (Allow) C:\program files (x86)\hunantv\hunantv.exe
    FirewallRules: [UDP Query User{4CAAD5E8-9113-4647-8DAA-60DF06415508}C:\program files (x86)\hunantv\hunantv.exe] => (Allow) C:\program files (x86)\hunantv\hunantv.exe
    FirewallRules: [{BDC1B8FB-8754-44F9-84F6-23BEA7BBC06C}] => (Block) C:\program files (x86)\hunantv\hunantv.exe
    FirewallRules: [{0B7A298B-FF20-474A-9274-847664FF5B0D}] => (Block) C:\program files (x86)\hunantv\hunantv.exe
    FirewallRules: [TCP Query User{00D66ED3-1D60-489F-B504-95EA9AF877E4}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe] => (Allow) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
    FirewallRules: [UDP Query User{08C1391B-E8F1-4D98-AF20-860967B28EA1}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe] => (Allow) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
    FirewallRules: [TCP Query User{7F8FFFC3-7B63-4703-BA62-C6BBCC0B8D24}C:\program files (x86)\youku\youkuclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\youkuclient\ikuacc.exe
    FirewallRules: [UDP Query User{76B58E6C-467E-4EB9-A0ED-FA30D505FC33}C:\program files (x86)\youku\youkuclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\youkuclient\ikuacc.exe
    FirewallRules: [{704943E0-F591-4D7F-836C-5D3DA4028CA3}] => (Block) C:\program files (x86)\youku\youkuclient\ikuacc.exe
    FirewallRules: [{568C5990-A803-44EA-8087-217BA776E037}] => (Block) C:\program files (x86)\youku\youkuclient\ikuacc.exe
    FirewallRules: [{5087E661-B45A-47E8-A6E3-CB082DE5BC86}] => (Block) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
    FirewallRules: [{D7F13B81-06A9-4749-A31F-870D9A2387F0}] => (Block) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
    FirewallRules: [{48A837DF-E70D-4C6B-B524-0A54B3D076A6}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe
    FirewallRules: [{4590B4A0-B639-4948-8CA6-0AF64E1BE13F}] => (Allow) C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe
    FirewallRules: [{8AF71344-5607-4D5B-B87F-362A83E71985}] => (Allow) C:\Windows\SysWOW64\Weibo.exe
    FirewallRules: [{0E64E5CA-E5FD-49EF-95EC-34141E9F4DAA}] => (Allow) C:\Windows\SysWOW64\Weibo.exe
    FirewallRules: [{CBEC55B9-73DA-4D0A-996B-2444ECCC1BBB}] => (Allow) C:\Program Files (x86)\Sina\Weibo2012\Bin\Weibo2015.exe
    FirewallRules: [{427D7A15-C87C-4AE4-BC2A-D2B29715607D}] => (Allow) C:\Program Files (x86)\Sina\Weibo2012\Bin\Weibo2015.exe
    FirewallRules: [TCP Query User{DCB523AF-B2AE-4B91-A00D-CA262AA98C80}C:\program files (x86)\hunantv\mangoupgrade.exe] => (Block) C:\program files (x86)\hunantv\mangoupgrade.exe
    FirewallRules: [UDP Query User{4541A62B-7BF4-47E7-B99D-3BB590B8ACD6}C:\program files (x86)\hunantv\mangoupgrade.exe] => (Block) C:\program files (x86)\hunantv\mangoupgrade.exe
    FirewallRules: [TCP Query User{3655A9A1-58A0-4F34-A866-9AB9947DB932}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe
    FirewallRules: [UDP Query User{B998B639-1A2F-49BC-A369-8B96D9D520A8}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe
    FirewallRules: [{1F3B6B8E-DE8B-441B-9DD1-7F3CD3685EB0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
    FirewallRules: [{6E231A80-FE41-4822-B41C-880BE3505ABB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
    FirewallRules: [{0B6F0032-7058-4E9F-93DF-E19695E2BCE8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
    FirewallRules: [{E743B516-AF18-47EA-BB1C-8EF21F7AFC93}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
    FirewallRules: [TCP Query User{EEED25E8-8651-4D6E-A9B8-809CBA586D90}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe
    FirewallRules: [UDP Query User{CCE71943-0DB8-4499-973D-A90109B8FD7A}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\ikuacc.exe
    FirewallRules: [TCP Query User{3A7D334E-1846-46F8-8770-610A86C03714}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
    FirewallRules: [UDP Query User{3371B9BA-6FF4-4B9A-A309-FD5644A77E68}C:\users\cheesan2000\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Block) C:\users\cheesan2000\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
    FirewallRules: [{267CD8BC-57DA-48B1-9CC0-52680BE12C83}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{B7652068-2B61-4D35-8DCB-CC8907359E0D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{4087D7E0-A4D3-494F-AF5E-D3EF569923B4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{9B93C37A-19E5-4097-94BD-ED9BDBF7802A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{BFF91EE7-1540-4A7B-AA83-928B9F8BF684}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [{802DF3F8-B581-46C1-A212-D4F441B1F235}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [{ECC9EB9C-AFBC-46BD-A866-25F29EA28077}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DE26BC01-7B4A-4365-B753-15471CD72707}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9B8CE584-6058-4FD2-917A-EE0147335A6F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{4D1C7984-7A31-48B5-BD39-DC240E29E5FE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{2904A116-9A83-4808-945D-6E7900162E4E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{8271F7DF-18D3-4D6C-A03E-C6644901E0C4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{302EAC4A-56FB-4388-AEC5-3737FFDB292C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{38AC434B-5D85-4DCA-8791-D86F03337DC2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{CE326D53-5974-4598-9D57-26BB341BD8B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{CC2DB66E-BBF7-43DF-B0DA-415308268BD0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{4A43FA24-DC1C-4F11-97F3-BDEF5351A189}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{773B3299-E69F-4AB6-99AA-8966E3CD994A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{CBDCEF87-1128-4392-8636-88EDD3BC8ACC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{60930F4D-9456-409F-99A0-8984A256A005}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{8046CF7F-130F-4DBC-850B-BFA806D6DAA4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{021CFB20-3E0F-43C7-8E94-E7B06B49D7F1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{0ACF33A9-61E9-4007-A895-04BACCE3A505}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{32587BA1-7125-41BE-A8F7-AA57751E02C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{DC685522-5FE6-42DC-9050-371B21B371A6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{1FF7972D-3DDC-42C3-B501-F1B01B6A3A54}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{6796D2BB-B0C7-47A0-9C6F-96C0C388DB05}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

    ==================== Restore Points =========================

    20-10-2016 18:52:53 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth USB Module
    Description: Bluetooth USB Module
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/24/2016 01:39:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:33Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:39:03 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:03Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:38:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:30Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:38:00 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:00Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:37:30 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:30Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:37:00 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:00Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:36:30 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:30Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:36:00 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:00Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:35:30 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:30Z. Error Code: 0x80041316.

    Error: (10/24/2016 01:35:00 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2016-11-22T16:05:00Z. Error Code: 0x80041316.


    System errors:
    =============
    Error: (10/24/2016 12:04:23 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (10/24/2016 12:03:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater40.1.8 service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (10/24/2016 12:03:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5 = Access is denied.

    Error: (10/24/2016 12:03:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BDKVRTP Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (10/23/2016 12:19:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5 = Access is denied.

    Error: (10/23/2016 11:32:02 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5 = Access is denied.

    Error: (10/23/2016 11:31:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater40.1.8 service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (10/23/2016 11:31:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5 = Access is denied.

    Error: (10/23/2016 11:31:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BDKVRTP Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (10/23/2016 11:31:29 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:20:01 AM on 10/22/2016 was unexpected.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
    Percentage of memory in use: 71%
    Total physical RAM: 3891.59 MB
    Available physical RAM: 1118.54 MB
    Total Virtual: 5907.59 MB
    Available Virtual: 1403.39 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:252.99 GB) (Free:55.05 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:197.5 GB) (Free:63.93 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 16E1400C)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-10-24 01:45:58
    -----------------------------
    01:45:58.701 OS Version: Windows x64 6.2.9200
    01:45:58.701 Number of processors: 4 586 0x3A09
    01:45:58.701 ComputerName: CHEESAN UserName:
    01:46:01.014 Initialize success
    01:46:01.123 VM: initialized successfully
    01:46:01.123 VM: Intel CPU supported
    01:46:10.002 VM: disk I/O iaStorA.sys
    01:47:46.127 AVAST engine defs: 16102300
    01:50:55.184 The log file has been saved successfully to "C:\Users\cheesan2000\Desktop\Download\aswMBR.txt"
    01:51:04.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
    01:51:04.205 Disk 0 Vendor: WDC_WD5000LPVT-22G33T0 01.01A01 Size: 476940MB BusType: 11
    01:51:04.345 Disk 0 MBR read successfully
    01:51:04.345 Disk 0 MBR scan
    01:51:04.361 Disk 0 unknown MBR code
    01:51:04.361 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    01:51:04.408 Disk 0 scanning C:\Windows\system32\drivers
    01:51:25.534 Service scanning
    01:52:17.349 Modules scanning
    01:52:17.365 Disk 0 trace - called modules:
    01:52:17.474 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
    01:52:17.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ce9740]
    01:52:17.505 3 CLASSPNP.SYS[fffff88001201e0a] -> nt!IofCallDriver -> \Device\00000038[0xfffffa800441a7f0]
    01:52:18.818 AVAST engine scan C:\Windows
    01:52:26.881 AVAST engine scan C:\Windows\system32
    01:57:22.802 AVAST engine scan C:\Windows\system32\drivers
    01:57:51.147 AVAST engine scan C:\Users\cheesan2000
    03:13:17.971 Disk 0 statistics 4824441/0/0 @ 0.63 MB/s
    03:13:17.971 Scan stopped
    03:13:21.174 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
    03:13:21.174 Disk 0 Vendor: WDC_WD5000LPVT-22G33T0 01.01A01 Size: 476940MB BusType: 11
    03:13:21.346 Disk 0 MBR read successfully
    03:13:21.346 Disk 0 MBR scan
    03:13:21.409 Disk 0 unknown MBR code
    03:13:21.440 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    03:13:21.455 Disk 0 scanning C:\Windows\system32\drivers
    03:13:21.455 Service scanning
    03:15:22.884 Modules scanning
    03:15:22.884 Disk 0 trace - called modules:
    03:15:22.930 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
    03:15:22.930 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ce9740]
    03:15:22.930 3 CLASSPNP.SYS[fffff88001201e0a] -> nt!IofCallDriver -> \Device\00000038[0xfffffa800441a7f0]
    03:15:24.681 AVAST engine scan C:\Windows
    03:16:58.467 AVAST engine scan C:\Windows\system32
    03:37:59.863 AVAST engine scan C:\Windows\system32\drivers
    03:40:18.807 AVAST engine scan C:\Users\cheesan2000
    04:49:42.616 AVAST engine scan C:\ProgramData
    04:52:27.250 Disk 0 statistics 9924351/0/0 @ 0.55 MB/s
    04:52:27.265 Scan finished successfully
    05:36:44.998 Disk 0 MBR has been saved successfully to "C:\Users\cheesan2000\Desktop\Download\MBR.dat"
    05:36:44.998 The log file has been saved successfully to "C:\Users\cheesan2000\Desktop\Download\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    There is a lot happening on this machine.

    Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

    IOBit Steals Malwarebytes' Intellectual Property
    IOBit's Denial of Theft Unconvincing
    IOBit Theft Conclusion
    IObit: Trusting Your Antivirus Vendor

    ~~~~~~~~~~~~

    Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

    Cloudy for Gmail
    Java 7 Update 60
    SalePlus
    youtubeadblocker

    After, please reboot the computer.

    ~~~~~~~~~~~~~

    Running from C:\Users\cheesan2000\Desktop\Download

    Using the tool from this location might not work; let's attempt to move it to the desktop and create its own folder.

    Please go to your Desktop\Download folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select copy.
    Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    ShortcutTarget: The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.lnk -> C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> DefaultScope {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C5EB2D8A-5E0C-4ED9-BF89-21428AEA07E1}&mid=120c45f7b53347d39dc4f123cc14a9de-0dfc6ff2e7a1014cd5e03bcd4fab8990efdbecee&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-05-18 18:50:43&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
    C:\Users\cheesan2000\AppData\Local\Temp\36058D9.tmp360net.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360InI.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081150790857.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081391763997.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081736955343.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081870066989.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08229528752.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08564745005.exe
    C:\Users\cheesan2000\AppData\Local\Temp\COMAP.EXE
    C:\Users\cheesan2000\AppData\Local\Temp\converter.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dfsrf_updsp.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dl_peer_id.dll
    C:\Users\cheesan2000\AppData\Local\Temp\downloader.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiselrh.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Reader Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\oi_{1BEEC320-EF8D-4EE9-94C3-17C614781836}.exe
    C:\Users\cheesan2000\AppData\Local\Temp\PidGenX.dll
    C:\Users\cheesan2000\AppData\Local\Temp\RegHidDevice.dll
    C:\Users\cheesan2000\AppData\Local\Temp\setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1406375812_Greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1416375037_greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\UNINSTALL.exe
    C:\Users\cheesan2000\AppData\Local\Temp\W.P.S.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\XmpSetupHelper.dll
    C:\Users\cheesan2000\AppData\Local\Temp\YSDQSetup-xmp.exe
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cheesan2000\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\cheesan2000\AppData\Local\Kingsoft\WPS Office\9.1.0.4994\office6\qingshellext64.dll => No F (the data entry has 3 more characters).
    Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage -> No File <==== ATTENTION
    Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask -> No File <==== ATTENTION
    Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7692675940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x990269a0 -pinnedTimeHigh 0x01ce17ac -securityFlags 0x00000000 -url 0x00000019 hxxp://www.google.com.my/
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Last edited by Juliet; 2016-10-24 at 12:34. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
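
The fixlist in the post above is a list of FRST directives, and the Fixlog that FRST writes after the fix reports a "subject => outcome" line for most of them (registry key or value removed, file moved, target not found), while also echoing the whole fixlist between ***** markers. The Python script below is an added example, not part of this thread and not FRST's own code: it reconciles a fixlist with its Fixlog so a helper can see at a glance which entries were acted on, which were already absent and which got no result line at all. The function names are mine; the sample lines are excerpted from the fixlist and Fixlog posted in this thread.

```python
import re

# Added example, not FRST's own code: reconcile a fixlist with the Fixlog it produced.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Directives that yield a section or a status sentence instead of "subject => outcome" lines.
SECTION_DIRECTIVES = ("start", "end", "createrestorepoint:", "closeprocesses:", "emptytemp:", "cmd:", "reg:")
HIVE_PREFIX = {"HKLM": r"HKLM\SOFTWARE\Microsoft", "HKLM-x32": r"HKLM\SOFTWARE\Wow6432Node"}
# Directive shapes whose capture groups are the substrings to look for in the Fixlog subject.
PATTERNS = (
    r"^HKU\\(S-1-5-[\d-]+)\\\.\.\.\\(\w+): \[([^\]]+)\]",   # SID, Run key, value name
    r"^ShortcutTarget: .*? -> (.+?) \(No File\)",           # FRST reports on the missing target
    r"^CHR (\S+):",                                         # Chrome policy key
)

def directive_keys(line):
    """Substrings a Fixlog result subject must contain for this directive, or None."""
    s = line.strip()
    low = s.lower()
    if not s or any(low == d or low.startswith(d + " ") for d in SECTION_DIRECTIVES):
        return None
    if low == "hosts:":
        return ("Hosts restored",)
    if re.match(r"^[A-Za-z]:\\", s):        # bare file path: moved / not found
        return (s,)
    for pat in PATTERNS:
        m = re.match(pat, s)
        if m:
            return m.groups()
    if low.startswith("searchscopes:") and "DefaultScope" in s:
        hive = s.split()[1]                 # the result line names no GUID, only the hive (x32 = Wow6432Node)
        return (HIVE_PREFIX.get(hive, hive), r"SearchScopes\\DefaultScope")
    g = GUID_RE.search(s)                   # Task, SearchScopes, BHO, CustomCLSID carry a GUID
    return (g.group(0),) if g else (s,)

def fixlog_results(fixlog_text):
    """(subject, outcome) pairs; the fixlist echoed between ***** markers is skipped."""
    results, in_echo = [], False
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            in_echo = not in_echo
        elif in_echo:
            continue
        elif " => " in line:
            subject, outcome = line.split(" => ", 1)
            results.append((subject.strip('"'), outcome.rstrip(".")))
        elif line.startswith("Hosts restored"):
            results.append(("Hosts restored", "restored successfully"))
    return results

def reconcile(fixlist_text, fixlog_text):
    """Map each result-producing fixlist directive to the outcomes FRST reported."""
    results = fixlog_results(fixlog_text)
    report = {}
    for line in fixlist_text.splitlines():
        keys = directive_keys(line)
        if keys is not None:
            report[line.strip()] = [o for subj, o in results if all(k in subj for k in keys)]
    return report

def summarize(report):
    """Count directives with a success line, with only not-found lines, or with no line."""
    kinds = ["acted" if any("successfully" in o for o in v) else "absent_only" if v else "unmatched" for v in report.values()]
    return {k: kinds.count(k) for k in ("acted", "absent_only", "unmatched")}

# Sample input: lines excerpted from the fixlist and Fixlog posted in this thread.
FIXLIST = r"""start
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShortcutTarget: The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.lnk -> C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe
C:\Users\cheesan2000\AppData\Local\Temp\COMAP.EXE
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
End"""
FIXLOG = r"""*****************
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
*****************
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B5413DD-0D2B-463B-8228-E41A13AD8556}" => key removed successfully
C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{378401BA-A703-444A-A79C-3C47AD2DC5B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{378401BA-A703-444A-A79C-3C47AD2DC5B6}" => key removed successfully
Hosts restored successfully."""

if __name__ == "__main__":
    for directive, outcomes in reconcile(FIXLIST, FIXLOG).items():
        print(f"{outcomes or ['NO RESULT LINE']} <- {directive[:60]}")
    print(summarize(reconcile(FIXLIST, FIXLOG)))
```

A directive with no result line (COMAP.EXE above) is worth a second look rather than being assumed gone, and the HKLM-x32 DefaultScope entry shows why the hive prefix matters: both the native and the Wow6432Node SearchScopes keys appear in the Fixlog.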

  3. #3
    Junior Member
    Join Date
    Oct 2016
    Posts
    6

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by cheesan2000 (25-10-2016 03:06:26) Run:1
    Running from C:\Users\cheesan2000\Desktop\Download
    Loaded Profiles: cheesan2000 (Available Profiles: cheesan2000)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    ShortcutTarget: The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.lnk -> C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> DefaultScope {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {2B5413DD-0D2B-463B-8228-E41A13AD8556} URL =
    SearchScopes: HKU\S-1-5-21-2247952248-501301587-607099746-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C5EB2D8A-5E0C-4ED9-BF89-21428AEA07E1}&mid=120c45f7b53347d39dc4f123cc14a9de-0dfc6ff2e7a1014cd5e03bcd4fab8990efdbecee&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-05-18 18:50:43&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
    C:\Users\cheesan2000\AppData\Local\Temp\36058D9.tmp360net.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360InI.dll
    C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081150790857.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081391763997.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081736955343.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081870066989.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08229528752.exe
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08564745005.exe
    C:\Users\cheesan2000\AppData\Local\Temp\COMAP.EXE
    C:\Users\cheesan2000\AppData\Local\Temp\converter.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dfsrf_updsp.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dl_peer_id.dll
    C:\Users\cheesan2000\AppData\Local\Temp\downloader.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiselrh.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Reader Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Updater.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\cheesan2000\AppData\Local\Temp\oi_{1BEEC320-EF8D-4EE9-94C3-17C614781836}.exe
    C:\Users\cheesan2000\AppData\Local\Temp\PidGenX.dll
    C:\Users\cheesan2000\AppData\Local\Temp\RegHidDevice.dll
    C:\Users\cheesan2000\AppData\Local\Temp\setup.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1406375812_Greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1416375037_greenil.dll
    C:\Users\cheesan2000\AppData\Local\Temp\UNINSTALL.exe
    C:\Users\cheesan2000\AppData\Local\Temp\W.P.S.4994.50.316.exe
    C:\Users\cheesan2000\AppData\Local\Temp\XmpSetupHelper.dll
    C:\Users\cheesan2000\AppData\Local\Temp\YSDQSetup-xmp.exe
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cheesan2000\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\cheesan2000\AppData\Local\Kingsoft\WPS Office\9.1.0.4994\office6\qingshellext64.dll => No F (the data entry has 3 more characters).
    Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage -> No File <==== ATTENTION
    Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask -> No File <==== ATTENTION
    Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7692675940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x990269a0 -pinnedTimeHigh 0x01ce17ac -securityFlags 0x00000000 -url 0x00000019 hxxp://www.google.com.my/
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}\The Seven Year Itch 1955 BDRip 1080p DTS multisub HighCode.exe => not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B5413DD-0D2B-463B-8228-E41A13AD8556}" => key removed successfully
    HKCR\CLSID\{2B5413DD-0D2B-463B-8228-E41A13AD8556} => key not found.
    "HKU\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    C:\Users\cheesan2000\AppData\Local\Temp\36058D9.tmp360net.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\360InI.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\360se_setup.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081150790857.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081391763997.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081736955343.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_081870066989.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08229528752.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\avguirn_08564745005.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\COMAP.EXE => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\converter.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\dfsrf_updsp.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\dl_peer_id.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\downloader.4994.50.316.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiselrh.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Reader Updater.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Foxit Updater.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\oi_{1BEEC320-EF8D-4EE9-94C3-17C614781836}.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\PidGenX.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\RegHidDevice.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\setup.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_fengxingtg.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Setup_iku.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1406375812_Greenil.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\Tmp1416375037_greenil.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\UNINSTALL.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\W.P.S.4994.50.316.exe => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\XmpSetupHelper.dll => moved successfully
    C:\Users\cheesan2000\AppData\Local\Temp\YSDQSetup-xmp.exe => moved successfully
    "HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
    "HKU\S-1-5-21-2247952248-501301587-607099746-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{378401BA-A703-444A-A79C-3C47AD2DC5B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{378401BA-A703-444A-A79C-3C47AD2DC5B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44B3F1B8-5943-4072-8D8C-A9484676AC44}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44B3F1B8-5943-4072-8D8C-A9484676AC44}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5755E746-D7ED-4C20-A472-66C11834CDE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5755E746-D7ED-4C20-A472-66C11834CDE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{845CB020-68B5-4C6B-9876-7BEC7B3E27AC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845CB020-68B5-4C6B-9876-7BEC7B3E27AC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A800277E-E202-4492-AD38-3312641CBC04}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A800277E-E202-4492-AD38-3312641CBC04}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Live\Roaming\MaintenanceTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C84F8A44-9FD3-4273-930B-E488674D2812}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C84F8A44-9FD3-4273-930B-E488674D2812}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
    C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7692675940.lnk => Shortcut argument removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Resetting Interface, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 4194304 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20298946 B
    Java, Flash, Steam htmlcache => 885 B
    Windows/system/drivers => 3200530093 B
    Edge => 0 B
    Chrome => 41479790 B
    Firefox => 31888467 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 1227779 B
    LocalService => 2701104 B
    NetworkService => 0 B
    cheesan2000 => 3391770562 B

    RecycleBin => 1577257 B
    EmptyTemp: => 6.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 03:10:00 ====




    # AdwCleaner v6.030 - Logfile created 25/10/2016 at 03:26:33
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-23.2 [Server]
    # Operating System : Windows 8 Single Language (X64)
    # Username : cheesan2000 - CHEESAN
    # Running from : C:\Users\cheesan2000\Desktop\Download\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: vToolbarUpdater40.1.8
    [-] Service deleted: BDKVRTP


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Program Files (x86)\SalaePolus
    [-] Folder deleted: C:\Program Files (x86)\VideoDownloadConverter
    [-] Folder deleted: C:\ProgramData\Avg_Update_0215av
    [-] Folder deleted: C:\ProgramData\Avg_Update_1114av
    [-] Folder deleted: C:\ProgramData\{eb2adc1c-4f83-306f-eb2a-adc1c4f87071}
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Local\genienext
    [-] Folder deleted: C:\Users\cheesan2000\AppData\LocalLow\iac
    [#] Folder deleted on reboot: C:\Users\cheesan2000\AppData\LocalLow\IAC
    [-] Folder deleted: C:\Users\cheesan2000\AppData\LocalLow\Thunder Network
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Roaming\RHEng
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Roaming\tencent
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Roaming\Funshion
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Roaming\FunUninst
    [#] Folder deleted on reboot: C:\Users\cheesan2000\AppData\Roaming\Tencent
    [-] Folder deleted: C:\Users\cheesan2000\AppData\Local\VirtualStore\Program Files (x86)\DongFangInput
    [-] Folder deleted: C:\FunAcce
    [-] Folder deleted: C:\ProgramData\AVG Security Toolbar
    [-] Folder deleted: C:\ProgramData\tencent
    [#] Folder deleted on reboot: C:\ProgramData\Tencent
    [-] Folder deleted: C:\ProgramData\Thunder Network
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\tencent
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Tencent
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Thunder Network
    [-] Folder deleted: C:\Program Files (x86)\myfree codec
    [-] Folder deleted: C:\Program Files (x86)\tencent
    [-] Folder deleted: C:\Program Files (x86)\DongFangInput
    [#] Folder deleted on reboot: C:\Program Files (x86)\Tencent
    [-] Folder deleted: C:\Program Files (x86)\Common Files\tencent
    [-] Folder deleted: C:\Program Files (x86)\Common Files\DongFangInput
    [#] Folder deleted on reboot: C:\Program Files (x86)\Common Files\Tencent
    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar
    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup


    ***** [ Files ] *****

    [-] File deleted: C:\Users\cheesan2000\daemonprocess.txt
    [-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
    [#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
    [#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\VideoDownloadConverter
    [#] Key deleted on reboot: HKLM\SOFTWARE\VideoDownloadConverter_is1
    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
    [#] Key deleted on reboot: {BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\BaiduBrowserHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    [-] Key deleted: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
    [-] Key deleted: HKLM\SOFTWARE\Classes\speedupmypc
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BaiduBrowserHTML
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\speedupmypc
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    [-] Key deleted: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key deleted: HKU\.DEFAULT\Software\AVG Nation toolbar
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\APN PIP
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Kromtech
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Linkey
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\simplytech
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\WEBAPP
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Zugo
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\QvodPlayer
    [#] Key deleted on reboot: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\SIMPLYTECH
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Thunder Network
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\AppDataLow\Thunder Network
    [-] Key deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Nation toolbar
    [#] Key deleted on reboot: HKCU\Software\APN PIP
    [#] Key deleted on reboot: HKCU\Software\Kromtech
    [#] Key deleted on reboot: HKCU\Software\Linkey
    [#] Key deleted on reboot: HKCU\Software\simplytech
    [#] Key deleted on reboot: HKCU\Software\WEBAPP
    [#] Key deleted on reboot: HKCU\Software\Zugo
    [#] Key deleted on reboot: HKCU\Software\QvodPlayer
    [#] Key deleted on reboot: HKCU\Software\SIMPLYTECH
    [#] Key deleted on reboot: HKCU\Software\Thunder Network
    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Thunder Network
    [-] Key deleted: HKLM\SOFTWARE\AIM Toolbar
    [-] Key deleted: HKLM\SOFTWARE\Conduit
    [-] Key deleted: HKLM\SOFTWARE\PIP
    [-] Key deleted: HKLM\SOFTWARE\SearchProtect
    [-] Key deleted: HKLM\SOFTWARE\SpeedBit
    [-] Key deleted: HKLM\SOFTWARE\Uniblue
    [-] Key deleted: HKLM\SOFTWARE\Funshion_Copy
    [-] Key deleted: HKLM\SOFTWARE\DongFangInput
    [#] Key deleted on reboot: HKLM\SOFTWARE\SEARCHPROTECT
    [-] Key deleted: HKLM\SOFTWARE\Thunder Network
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT
    [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
    [#] Key deleted on reboot: [x64] HKCU\Software\Kromtech
    [#] Key deleted on reboot: [x64] HKCU\Software\Linkey
    [#] Key deleted on reboot: [x64] HKCU\Software\simplytech
    [#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
    [#] Key deleted on reboot: [x64] HKCU\Software\Zugo
    [#] Key deleted on reboot: [x64] HKCU\Software\QvodPlayer
    [#] Key deleted on reboot: [x64] HKCU\Software\SIMPLYTECH
    [#] Key deleted on reboot: [x64] HKCU\Software\Thunder Network
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Thunder Network
    [-] Key deleted: [x64] HKLM\SOFTWARE\DongFangService
    [-] Key deleted: [x64] HKLM\SOFTWARE\DongFangInput
    [-] Key deleted: [x64] HKLM\SOFTWARE\DongFang
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
    [-] Value deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    [#] Value deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    [#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\funshion.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\funshion.com
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [baiduAnTray]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
    [-] Value deleted: HKU\S-1-5-21-2247952248-501301587-607099746-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NextLive]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@funshion.com/npFunshion


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [11083 Bytes] - [25/10/2016 03:26:33]
    C:\AdwCleaner\AdwCleaner[S0].txt - [10309 Bytes] - [25/10/2016 03:20:08]
    C:\AdwCleaner\AdwCleaner[S1].txt - [10383 Bytes] - [25/10/2016 03:21:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11305 Bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 8 Single Language x64
    Ran by cheesan2000 (Administrator) on Tue 10/25/2016 at 10:06:39.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 15

    Failed to delete: C:\Users\Public\thunder network (Folder)
    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\cheesan2000\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\Users\cheesan2000\AppData\Roaming\taobaoprotect (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\0215avUpdateInfo (Task)
    Successfully deleted: C:\Windows\Tasks\0215avUpdateInfo.job (Task)
    Successfully deleted: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPONV6G (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IM5XAJXA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2HE06Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\cheesan2000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXQ379CC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\prefetch\HAO123JUZI.EXE-0EDF6238.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPONV6G (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IM5XAJXA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2HE06Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXQ379CC (Temporary Internet Files Folder)



    Registry: 2

    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DC4B5B6-C122-44C4-825C-B310513A47CB} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DC4B5B6-C122-44C4-825C-B310513A47CB} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 10/25/2016 at 10:09:38.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 Juliet (Security Expert-emeritus)

    You should see an improvement now.

I can see you already have Malwarebytes installed on the computer.

Please open Malwarebytes Anti-Malware
• On the Dashboard click on Update Now
• Go to the Settings tab
• Under Settings, go to Detection and Protection
• Under PUP and PUM, make sure both are set to Treat detections as malware
• Go to Advanced Settings and make sure Automatically quarantine detected items is checked
• Then on the Dashboard click on Scan
• Make sure to select THREAT SCAN
• Then click on Scan
• Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
• If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs, followed by the first Scan Log.
• Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~

    Please download Emsisoft Emergency Kit and save it to your desktop.
    Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
    • Leave all settings as they are and click the Extract button at the bottom.
    • A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
    • Please click Yes so that it downloads the latest database updates.
    • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
    • Click on Scan to be taken to the scan options.
    • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
    • Click on the Malware Scan button to start the scan.
    • When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    • Please save the log in Notepad on your desktop, and copy it to your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

#5 Junior Member (thread starter)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/25/2016
    Scan Time: 8:51 PM
    Logfile: Malware Log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.10.25.08
    Rootkit Database: v2016.09.26.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: cheesan2000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 318956
    Time Elapsed: 23 min, 41 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Funshion, C:\Users\cheesan2000\Desktop\Documents\Downloads\snf\FunshionInstall_C1_P13.1406100989.exe, Quarantined, [75f7722bf6a48ea84ab5d07fb34ef808],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    Emsisoft Emergency Kit - Version 11.9
    Last update: 10/25/2016 11:32:27 PM
    User account: cheesan\cheesan2000
    Computer name: CHEESAN
    OS version: Windows 8x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 10/25/2016 11:34:06 PM
    C:\Users\cheesan2000\AppData\Roaming\baidu detected: Application.AppInstall (A)
    C:\Users\cheesan2000\AppData\Local\software detected: Application.AppInstall (A)
    Value: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> LOADER detected: Virtool.Win32.Avex (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} detected: Application.AdTool (A)
    Key: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} detected: Application.Toolbar (A)
    C:\Users\cheesan2000\Desktop\Documents\Downloads\zl\zl.dll detected: Trojan.Generic.11666991 (B)

    Scanned 82670
    Found 11

    Scan end: 10/25/2016 11:42:28 PM
    Scan time: 0:08:22

#6 Juliet (Security Expert-emeritus)

Let's run the Eset scanner again, this time:
When the scan is completed, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.

    How is your computer now?

#7 Junior Member (thread starter)

Quote originally posted by Juliet:
    Let's run the Eset scanner again, this time:
    When the scan is completed, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.

    How is your computer now?
    The computer is working fine now and all the random pop-ups are gone.

In regards to the IObit software, I would like to remove all of its software from this notebook. Can you identify all of them for me?

#8 Junior Member (thread starter)

Quote originally posted by Juliet:
    Let's run the Eset scanner again, this time:
    When the scan is completed, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.

    How is your computer now?
Does "ESET scanner" refer to the Emsisoft Emergency Kit scanner?

#9 Junior Member (thread starter)

    Emsisoft Emergency Kit - Version 11.9
    Last update: 10/25/2016 11:32:27 PM
    User account: cheesan\cheesan2000
    Computer name: CHEESAN
    OS version: Windows 8x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 10/27/2016 9:22:38 AM
    C:\Users\cheesan2000\AppData\Roaming\baidu detected: Application.AppInstall (A)
    C:\Users\cheesan2000\AppData\Local\software detected: Application.AppInstall (A)
    Value: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> LOADER detected: Virtool.Win32.Avex (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} detected: Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} detected: Application.AdTool (A)
    Key: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} detected: Application.Toolbar (A)

    Scanned 82845
    Found 10

    Scan end: 10/27/2016 9:34:18 AM
    Scan time: 0:11:40

    Key: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} Application.Toolbar (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} Application.AdTool (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} Application.AdTool (A)
    Value: HKEY_USERS\S-1-5-21-2247952248-501301587-607099746-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> LOADER Virtool.Win32.Avex (A)
    C:\Users\cheesan2000\AppData\Local\software Application.AppInstall (A)
    C:\Users\cheesan2000\AppData\Roaming\baidu Application.AppInstall (A)

    Quarantined 9

#10 Juliet (Security Expert-emeritus)

Quote originally posted by the thread starter:
    The computer is working fine now and all the random pop-ups are gone
Good deal.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
    C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
    C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
    C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
    C:\Program Files (x86)\IObit
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    I think we're ready to remove tools and quarantine folders?
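The logs in this thread show adware persisting through Run values (the HKU\...\Run -> LOADER value Emsisoft flagged twice before it was quarantined), Wow6432Node Run entries, StartupApproved entries and scheduled tasks, with the payloads living under AppData, ProgramData and Users\Public. The following PowerShell script is an added example for verifying a cleanup like this one; it is not part of the thread and not code from FRST, AdwCleaner, JRT, Malwarebytes or Emsisoft. It enumerates the machine and user Run/RunOnce keys and every scheduled task action, and flags entries whose target runs from a user-writable data folder, no longer exists on disk, or carries no valid Authenticode signature. The folder patterns treated as suspect and the decision to flag unsigned binaries are this example's own assumptions, so a hit is a lead to inspect, not a verdict. Run it from an elevated PowerShell on Windows 8 or later (Get-ScheduledTask needs the ScheduledTasks module that shipped with Windows 8).

```powershell
# Added example: post-cleanup audit of common Windows autostart locations.
# Not part of the thread; the suspect-path patterns below are assumptions.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a legitimate installer rarely uses for an autostart binary (assumption,
# chosen from where the logs above show the adware living).
$SuspectPattern = '\\AppData\\(Roaming|Local|LocalLow)\\|\\ProgramData\\|\\Users\\Public\\|\\Temp\\'

function Get-CommandPath {
    # Extract the executable from a command line such as
    #   "C:\Program Files (x86)\Foo\foo.exe" /tray    or    C:\foo\bar.exe -x
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: keep everything up to the first switch-style argument.
    return ($cmd -split '\s+(?=[-/])')[0].Trim()
}

function Test-SuspectEntry {
    # Returns an object describing why the entry is suspect, or nothing if it looks benign.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path = Get-CommandPath $CommandLine
    if (-not $path) { return }
    $expanded = [Environment]::ExpandEnvironmentVariables($path)
    $reasons = @()
    if ($expanded -match $SuspectPattern) { $reasons += 'runs from a user-writable data folder' }
    if (-not (Test-Path -LiteralPath $expanded)) {
        $reasons += 'target file does not exist (orphaned entry)'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $expanded
        if ($sig.Status -ne 'Valid') { $reasons += "unsigned or bad signature ($($sig.Status))" }
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Source = $Source; Name = $Name; Command = $CommandLine; Reason = ($reasons -join '; ') }
    }
}

$findings = @()

# 1. Registry Run / RunOnce values (native and Wow6432Node views).
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive metadata
        $r = Test-SuspectEntry -Source $key -Name $prop.Name -CommandLine ([string]$prop.Value)
        if ($r) { $findings += $r }
    }
}

# 2. Scheduled task actions (the FRST and JRT logs above show several being removed).
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }      # COM-handler actions have no executable path
        $cmdline = "$($action.Execute) $($action.Arguments)".Trim()
        $r = Test-SuspectEntry -Source "Task $($task.TaskPath)$($task.TaskName)" -Name $task.TaskName -CommandLine $cmdline
        if ($r) { $findings += $r }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No suspect autostart entries found.'
} else {
    $findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
}
```

Two things this check does that the tool logs do not: it shows orphaned entries (a Run value whose target was deleted, which is what AdwCleaner's "deleted on reboot" items can leave behind if the reboot was skipped) and it re-reads the live registry rather than trusting a scanner's report, so an entry that was "quarantined" but re-created by a still-running process shows up again. An unsigned binary from Program Files is common and not on its own a finding; an unsigned binary started from AppData\Roaming is exactly the pattern the first post describes.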
