Unable to Remove Alibaba PC Safe Service

I have installed the Aliwangwang application to contact vendors on Taobao. I uninstalled it via Windows a few months ago, but the process kept on running in the background when I checked Task Manager.

I have already generated fixlogs, and the issue seems to be in the protected registry.

The addition log is too long and will be posted next.

I will greatly appreciate anyone’s help, and thank you.

2020-11-14 11:25 – 2020-11-14 11:26 _____ C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_m.alibaba.com_0.indexeddb.leveldb

2020-11-14 22:50 – 2020-11-14 22:50 _____ C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_sale.alibaba.com_0.indexeddb.blob

2020-11-14 22:50 – 2020-11-14 22:51 _____ C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_sale.alibaba.com_0.indexeddb.leveldb

2020-11-14 22:50 – 2020-11-14 22:50 _____ C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_www.alibaba.com_0.indexeddb.blob

2020-11-14 22:50 – 2020-11-14 22:51 _____ C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_www.alibaba.com_0.indexeddb.leveldb

DeleteKey: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREAlibaba

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{48D49FCF-3CC7-4639-91CC-0346035512C6}|AppPath

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerLowRegistryAudioPolicyConfigPropertyStorea8f09de7_0|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindowsCurrentVersionExplorerFeatureUsageAppSwitched|E:AliwangwangAliIM.exe

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore|E:AliwangwangAliIM.exe

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore|E:AliwangwangUninstall.exe

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesaliimShellOpenCommand|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache|E:Aliwangwang9.12.10Cwwcmd.exe.FriendlyAppName

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache|E:Aliwangwang9.12.10Cwwcmd.exe.ApplicationCompany

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesTypeLib{258EFC18-DE50-44D2-94E8-4DE23882DF82}1.0 win32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesTypeLib{4438A6FC-6EC6-4093-937A-2E674C49B3E2}1.0 win32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{017CE1A6-416F-4684-AE6A-02064420B30A}InprocServer32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{26C3F8B0-0217-46A1-AB2D-A1B494E71402}InprocServer32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}InprocServer32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}ToolboxBitmap32|””

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{E81FB43C-B144-4D30-8033-C9338AA0ECB8}InprocServer32|””

DeleteValue: HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerSafetyActiveXFilterExceptions|alibaba.com

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerSafetyActiveXFilterExceptions|alibaba.com

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore|C:Program Files (x86)AlibabaProtectuninstallre.exe

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore|C:Program Files (x86)Alibabawwbizsrvwwbizsrv.exe

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache|E:Aliwangwang9.12.10Cwwcmd.exe.ApplicationCompany

DeleteValue: HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesSoftwareMicrosoftInternet ExplorerSafetyActiveXFilterExceptions|alibaba.com

Restore point was successfully created.

Processes closed successfully.

“C:UsershizkiAppDataRoamingMicrosoftWindowsRecentAliwangwang.lnk” => not found

“C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_m.alibaba.com_0.indexeddb.leveldb” => not found

“C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_sale.alibaba.com_0.indexeddb.blob” => not found

“C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_sale.alibaba.com_0.indexeddb.leveldb” => not found

“C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_www.alibaba.com_0.indexeddb.blob” => not found

“C:UsershizkiAppDataLocalGoogleChromeUser DataDefaultIndexedDBhttps_www.alibaba.com_0.indexeddb.leveldb” => not found

Could not move “C:ProgramDataAlibaba” => Scheduled to move on reboot.

HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeAlibabaProtect => could not remove, key could be protected

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREAlibaba” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{48D49FCF-3CC7-4639-91CC-0346035512C6}\AppPath” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerLowRegistryAudioPolicyConfigPropertyStorea8f09de7_0\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindowsCurrentVersionExplorerFeatureUsageAppSwitched\E:AliwangwangAliIM.exe” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore\E:AliwangwangAliIM.exe” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore\E:AliwangwangUninstall.exe” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesaliimShellOpenCommand\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache\E:Aliwangwang9.12.10Cwwcmd.exe.FriendlyAppName” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache\E:Aliwangwang9.12.10Cwwcmd.exe.ApplicationCompany” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesTypeLib{258EFC18-DE50-44D2-94E8-4DE23882DF82}1.0 win32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesTypeLib{4438A6FC-6EC6-4093-937A-2E674C49B3E2}1.0 win32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{017CE1A6-416F-4684-AE6A-02064420B30A}InprocServer32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{26C3F8B0-0217-46A1-AB2D-A1B494E71402}InprocServer32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}InprocServer32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}ToolboxBitmap32\” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesWOW6432NodeCLSID{E81FB43C-B144-4D30-8033-C9338AA0ECB8}InprocServer32\” => not found

“HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerSafetyActiveXFilterExceptions\alibaba.com” => removed successfully

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftInternet ExplorerSafetyActiveXFilterExceptions\alibaba.com” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore\C:Program Files (x86)AlibabaProtectuninstallre.exe” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantStore\C:Program Files (x86)Alibabawwbizsrvwwbizsrv.exe” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCache\E:Aliwangwang9.12.10Cwwcmd.exe.ApplicationCompany” => not found

“HKEY_USERSS-1-5-21-811714995-2993444165-2323458220-1001SOFTWAREClassesSoftwareMicrosoftInternet ExplorerSafetyActiveXFilterExceptions\alibaba.com” => not found

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-10-2021 19:22:14)

HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeAlibabaProtect => could not remove, key could be protected

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2021

Ran by win10 (administrator) on ANDREW-PC (14-10-2021 19:17:41)

Running from F:程序文件FireFox Downloads

Loaded Profiles: win10

Platform: Microsoft Windows 10 Enterprise Version 1607 14393.2273 (X64) Language: Chinese (Simplified, China) -> English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] H:Anime ToolsqBittorrentqbittorrent.exe

(Adobe Inc. -> Adobe Systems Inc.) [File not signed] G:Program FilesAdobeAdobe AcrobatAcrobatacrotray.exe

(Alibaba (China) Network Technology Co.,Ltd. -> 阿里巴巴(中国)软件有限公司) C:Program Files (x86)AlibabaProtect1.0.23.863AlibabaProtect.exe

(Apple Inc. -> Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

(ASUSTeK Computer Inc. -> ) C:Program Files (x86)LightingService1.00.39AsRogAuraGpuDllServer.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:Program Files (x86)ASUSAXSP4.00.01atkexComSvc.exe

(Binary Fortress Software Ltd -> Binary Fortress Software) F:Program FilesTrayStatusTrayStatus.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNbootstrapamd64nssm.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpndexpressvpn-browser-helper.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpndexpressvpnd.exe

(Flexera Software LLC -> Flexera) C:Program Files (x86)Common FilesMacrovision SharedFlexNet PublisherFNPLicensingService.exe

(Flexera Software LLC -> Flexera) C:Program FilesCommon FilesMacrovision SharedFlexNet PublisherFNPLicensingService64.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <26>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler64.exe

(Mentor Graphics Corporation -> Mentor Graphics Corporation) E:Program FilesSOLIDWORKS CorpSOLIDWORKS Flow SimulationbinCFWdispatcher.exe

(Mentor Graphics Corporation -> Mentor Graphics Corporation) E:Program FilesSOLIDWORKS CorpSOLIDWORKS Flow SimulationbinCFWremotesolverdispatcherservice.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)Common FilesMicrosoft SharedPhone ToolsCoreCon11.0binIpOverUsbSvc.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)Microsoft SQL Server90Sharedsqlbrowser.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32InputMethodCHSChsIME.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wbemWMIADAP.exe

(Microsoft Windows -> Microsoft® Windows® Operating System) C:WindowsSystem32Taskmgr.exe

(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:WindowsSystem32driversAdminService.exe

(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:WindowsSystem32driversQcomWlanSrvx64.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)Razer Chroma SDKbinRzSDKServer.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)Razer Chroma SDKbinRzSDKService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapseRzSynapse.exe

(TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group) C:Program Files (x86)Alibabawwbizsrvwwbizsrv.exe

(Tencent Technology(Shenzhen) Company Limited -> Tencent) C:Program Files (x86)Common FilesTencentQQProtectBinQQProtect.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32…Run: [] => [X]

HKLM-x32…Run: [Razer Synapse] => C:Program Files (x86)RazerSynapseRzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32…Run: [Acrobat Assistant 8.0] => G:Program FilesAdobeAdobe AcrobatAcrobatAcrotray.exe [5007408 2019-08-01] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]

HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32…Run: [LogMeIn Hamachi Ui] => G:Program FilesLogMeIn Hamachihamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)

HKLM-x32…Run: [ExpressVPNNotificationService] => C:Program Files (x86)ExpressVPNexpressvpn-uiExpressVPNNotificationServiceStarter.exe [370088 2021-09-21] (EXPRSVPN LLC -> ExpressVPN)

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [com.squirrel.Teams.Teams] => C:Userswin10AppDataLocalMicrosoftTeamsUpdate.exe [2455256 2021-10-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [vibranceGUI] => F:程序文件FireFox DownloadsvibranceGUIvibranceGUI.exe [797184 2017-06-09] (juvlarN) [File not signed]

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [TortoiseSVN Monitor] => C:Program FilesTortoiseSVNbinTortoiseProc.exe /tray

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [Gaijin.Net Agent] => “C:Userswin10AppDataLocalGaijinProgram Files (x86)NetAgentgjagent.exe”

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [YYAssistant] => C:Program Files (x86)duowanyy8.46.0.0\yyassistant.exe

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [Akamai NetSession Interface] => C:Userswin10AppDataLocalAkamainetsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [BaiduYunDetect] => F:程序文件BaiduNetdiskYunDetectService.exe [1132536 2021-03-17] (Beijing Duyou Science and Technology Co.,Ltd. -> )

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [NIRegistrationWizard] => G:Program FilesNational InstrumentsSharedRegistrationWizardBinRegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 2052

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [qBittorrent] => H:Anime ToolsqBittorrentqbittorrent.exe [25497088 2020-04-23] () [File not signed]

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [Skype for Desktop] => C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe [91701608 2020-07-30] (Skype Software Sarl -> Skype Technologies S.A.)

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [TabletDriver] => G:Program FilesHuion Tabletx64TabletDriverCore.exe [321256 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )

HKUS-1-5-21-2243823886-1026449666-483798452-1001…Run: [TrayStatus] => F:Program FilesTrayStatusTrayStatus.exe [4446656 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software)

HKLM…PrintMonitorsAdobe PDF Port Monitor: C:Windowssystem32AdobePDF.dll [65096 2019-08-01] (Adobe Systems, Incorporated -> Adobe Systems Inc)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication94.0.4606.81Installerchrmstp.exe [2021-10-13] (Google LLC -> Google LLC)

IFEOLogTransport2.exe: [Debugger] 0

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHuion Tablet.lnk [2021-01-28]

ShortcutTarget: Huion Tablet.lnk -> G:Program FilesHuion TabletHuion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSOLIDWORKS 2021 Fast Start.lnk [2021-06-14]

ShortcutTarget: SOLIDWORKS 2021 Fast Start.lnk -> C:WindowsInstaller{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]

Startup: C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMEGAsync.lnk [2020-12-19]

ShortcutTarget: MEGAsync.lnk -> C:Userswin10AppDataLocalMEGAsyncMEGAsync.exe (Mega Limited -> Mega Limited)

Startup: C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSend to OneNote.lnk [2021-10-10]

ShortcutTarget: Send to OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

Startup: C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup发送至 OneNote.lnk [2021-08-30]

ShortcutTarget: 发送至 OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0384B976-9E4B-4C4F-83E8-4BF076CDDA5F} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156456 2019-04-06] (Google Inc -> Google LLC)

Task: {0AA88BD2-C54F-4488-A838-88D755250A17} – System32TasksMATLAB R2014a 启动加速器 => F:Program FilesMATLABR2014abinwin64MATLABStartupAccelerator.exe

Task: {1118DF1D-36FA-4EFD-96DD-646D38A8210B} – System32TasksAppleAppleSoftwareUpdate => C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

Task: {1382A885-4C80-4D2D-A118-322C45B9F880} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} – System32TasksMicrosoftWindowsEDPEDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}

Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} – System32TasksMicrosoftWindowsEDPEDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}

Task: {1C65BD0E-7DDC-4DC7-840E-1835965258DF} – System32TasksMeLogo_{67679FCB-7ECA-4db5-B5AE-E6B4E178D0BA} => C:Userswin10AppDataRoamingduowanyygamestoreMini3.6.0.4me.exe

Task: {22CB046C-182D-45F6-A918-859361BD2A11} – System32TasksHuanjuGameUpdate => C:Userswin10AppDataRoamingduowanyygamepopupbinhjGameUpdate.exe

Task: {279FD7B7-04D9-46B8-B13A-60242360DF9A} – System32Tasksyyplayer.exe => C:Userswin10AppDataRoamingduowanyygamestoreMini3.6.0.4yyplayer.exe

Task: {28B56E7D-4430-4290-8CFB-58A2358BA805} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [134488 2021-10-09] (Microsoft Corporation -> Microsoft Corporation)

Task: {2AACA42E-7591-48B5-B771-222078906F03} – System32TasksViGEmBusUpdater => C:Program FilesNefarius Software SolutionsViGEm Bus DriverViGEmBusUpdater.exe [901144 2019-05-10] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)

Task: {30AF064E-6835-4100-BD95-352675AE1C5F} – System32TasksBlueStacksHelper_nxt => C:Program FilesBlueStacks_nxtBlueStacksHelper.exe [275136 2021-08-12] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)

Task: {3F52DC66-A71F-4A1A-A652-F29D3B0A22E9} – System32TasksAliUpdater{D3F2D754-2208-4931-AE76-F53B9378C908} => F:程序文件AliWangWangAliTask.exe

Task: {413CB625-E8AB-4AEF-8E54-D2B97B89738E} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [134488 2021-10-09] (Microsoft Corporation -> Microsoft Corporation)

Task: {4617832C-E047-4102-95A8-40AC2F03F45C} – System32TasksASUSAsRogAuraGpuDllServer => C:Program Files (x86)LightingService1.00.39AsRogAuraGpuDllServer.exe [280536 2018-02-06] (ASUSTeK Computer Inc. -> )

Task: {46C5D836-8F74-4A8A-A616-C64594EDC7DD} – System32TasksMicrosoftVisualStudioUpdatesBackgroundDownload => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceBackgroundDownload.exe [64936 2021-04-23] (Microsoft Corporation -> Microsoft)

Task: {4B2FC121-EDC2-4AAF-B199-62D881ABF4F0} – System32TasksMicrosoftWindowsErrorDetailsErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:WindowsSystem32ErrorDetailsUpdate.dll [72704 2018-04-28] (Microsoft Windows -> Microsoft Corporation)

Task: {4CA63951-FA4B-4AC1-BB44-121E0D8A2AF4} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)

Task: {5A86B255-88F9-4CDC-8F61-7346F6D18E1F} – System32Tasksgsrun.exe => C:Userswin10AppDataRoamingduowanyygamestoreMini3.6.0.4gsrun.exe

Task: {612819C7-D35C-4DE0-BBEA-4F1463C0B950} – System32TasksWIN_KMS_ALL => C:Userswin10AppDataLocalwinsysKMS_VL_ALLrun.cmd 0

Task: {639B2EEF-9741-45EF-865C-8517B34230AB} – System32TasksMicrosoftWindowsErrorDetailsEnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:WindowsSystem32ErrorDetailsUpdate.dll [72704 2018-04-28] (Microsoft Windows -> Microsoft Corporation)

Task: {68EC0520-C623-4048-9EAC-F5368A60CDA3} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156456 2019-04-06] (Google Inc -> Google LLC)

Task: {929FC9DF-3CF3-4FF0-9690-81BE20A9B9D1} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)

Task: {9D4747C4-4D05-4951-888D-002671561E30} – System32TasksMATLAB R2021a Startup Accelerator => E:Program FilesMATLABR2021abinwin64MATLABStartupAccelerator.exe [51200 2020-11-15] () [File not signed]

Task: {A9B08D6A-7CF6-4F4B-8618-2D5B028783E5} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {AC292159-13BC-40C7-84AE-4340341E7A5A} – System32TasksSOLIDWORKS Electrical Archiver => E:Program FilesSOLIDWORKS CorpSOLIDWORKS ElectricalbinEwEnvironmentArchiverewenvironmentarchiver.exe [275912 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)

Task: {AF74D1F3-D7EF-44EA-968C-1C2F394D01F6} – System32TasksGit for Windows Updater => G:Program FilesGitgit-bash.exe [137232 2021-08-24] (Johannes Schindelin -> The Git Development Community)

Task: {B391F808-F5FE-411D-B1B7-F90A860522C3} – System32TasksMicrosoftWindows LiveSOXEExtractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

Task: {C57CEE49-5CA5-4CEF-8899-2046DEA9D29A} – System32Tasksyygamestore.exe => C:Userswin10AppDataRoamingduowanyygamestoreMini3.6.0.4yygamestore.exe

Task: {D89D66AB-0503-4ABF-B50C-58B0F90BACA6} – System32TasksNIUpdateServiceStartupTask => G:Program FilesNational InstrumentsSharedUpdate ServiceNIUpdateService.exe

Task: {DF942F38-F1E1-424A-AF5F-AE3ED5BCEC83} – System32Tasksme.exe => C:Userswin10AppDataRoamingduowanyygamestoreMini3.6.0.4me.exe

Task: {E2008AB9-D3D0-4BCB-9E66-DFA8B1AEC47D} – System32TasksTSUpd4 => F:程序文件iTools 4TSUpd4.exe [166912 2019-02-11] (Shenzhen Thinksky Technology Co.,Ltd -> )

Task: {E2169498-F4C0-4ED4-ADA0-DD39B5B03C5B} – System32TasksMEGAMEGAsync Update Task S-1-5-21-2243823886-1026449666-483798452-1001 => C:Userswin10AppDataLocalMEGAsyncMEGAupdater.exe [1820848 2021-07-15] (Mega Limited -> Mega Limited)

Task: {E2D653E3-1A2C-4C3B-A256-C13092D69DC0} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {E9C9FA5A-1739-4003-A708-7FB0686531F0} – System32TasksAdobeAAMUpdater-1.0-DESKTOP-76DKPUH-win10 => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {EADEA930-129B-434E-8557-7B865B779514} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {F30E4105-23D2-4CE3-A8DD-9161D3E6AADC} – System32TasksAutoPico Daily Restart => F:程序文件KMSpicoAutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WindowsTasksAliUpdater{D3F2D754-2208-4931-AE76-F53B9378C908}.job => F:程序文件AliWangWangAliTask.exe

Task: C:WindowsTasksHuanjuGameUpdate.job => C:Userswin10AppDataRoamingduowanyygamepopupbinhjGameUpdate.exe

Task: C:WindowsTasksMATLAB R2014a 启动加速器.job => F:Program FilesMATLABR2014abinwin64MATLABStartupAccelerator.exe

Task: C:WindowsTasksMATLAB R2021a Startup Accelerator.job => E:Program FilesMATLABR2021abinwin64MATLABStartupAccelerator.exe

Task: C:WindowsTasksSOLIDWORKS Electrical Archiver.job => E:Program FilesSOLIDWORKS CorpSOLIDWORKS ElectricalbinEwEnvironmentArchiverewenvironmentarchiver.exe

Task: C:WindowsTasksTSUpd4.job => F:程序文件iTools 4TSUpd4.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog5 07 C:Program Files (x86)BonjourmdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5 09 G:Program FilesNational InstrumentsSharedmDNS RespondernimdnsNSP.dll [35448 2017-03-08] (National Instruments Corporation -> National Instruments Corporation)

Winsock: Catalog5-x64 07 C:Program FilesBonjourmdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 09 C:Program FilesNational InstrumentsSharedmDNS RespondernimdnsNSP.dll [38520 2017-03-08] (National Instruments Corporation -> National Instruments Corporation)

Hosts: 139.196.199.157 vip.codedeception.com

TcpipParameters: [DhcpNameServer] 192.168.50.1

Tcpip..Interfaces{a162f058-b44c-4859-98e6-e4a0c9687bab}: [DhcpNameServer] 192.168.50.1

Tcpip..Interfaces{c660c4ec-829c-4fc3-91f7-681e298800df}: [NameServer] 10.196.0.1

 

Edge: 

=======

DownloadDir: C:Userswin10Downloads

 

FireFox:

========

FF DefaultProfile: ktzp4mi4.default

FF ProfilePath: C:Userswin10AppDataRoamingMozillaFirefoxProfilesktzp4mi4.default [2019-12-26]

FF DownloadDir: F:程序文件FireFox Downloads

FF Homepage: MozillaFirefoxProfilesktzp4mi4.default -> myschool.dulwich-beijing.cn

FF Notifications: MozillaFirefoxProfilesktzp4mi4.default -> hxxps://www.faceit.com; hxxps://www.youtube.com

FF Extension: (Addons Manager) – C:Userswin10AppDataRoamingMozillaFirefoxProfilesktzp4mi4.defaultExtensionscpmanager@mozillaonline.com.xpi [2019-12-20] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]

FF Extension: (ExpressVPN: VPN proxy to unblock everything) – C:Userswin10AppDataRoamingMozillaFirefoxProfilesktzp4mi4.defaultExtensionsfirefox-addon@expressvpn.com.xpi [2019-11-29]

FF HKLM…FirefoxExtensions: [web2pdfextension.17@acrobat.adobe.com] – G:Program FilesAdobeAdobe AcrobatAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi

FF Extension: (Adobe Acrobat) – G:Program FilesAdobeAdobe AcrobatAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi [2019-07-31]

FF HKLM-x32…FirefoxExtensions: [web2pdfextension.17@acrobat.adobe.com] – G:Program FilesAdobeAdobe AcrobatAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi

FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> E:Program FilesSOLIDWORKS CorpSOLIDWORKS ComposerBinnpcomposerplayerwebplugin.dll [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes)

FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_25_0_0_171.dll [2017-05-26] (Adobe Systems Incorporated -> )

FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:Program FilesJavajre1.8.0_261bindtpluginnpDeployJava1.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:Program FilesJavajre1.8.0_261binplugin2npjp2.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> E:Program FilesSOLIDWORKS CorpSOLIDWORKS ComposerBinx86npcomposerplayerwebplugin.dll [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes)

FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> \devsilo1buildssw2021_sp03swReleasex64d210326.009.BGS.finalcomposerBinnpcomposerplayerwebplugin.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_25_0_0_171.dll [2017-05-26] (Adobe Systems Incorporated -> )

FF Plugin-x32: @alipay.com/npaliedit -> C:Program Files (x86)alipayaliedit4.0.0.101npaliedit.dll [2015-03-24] (Alipay.com Co.,Ltd -> Alipay.com co.,ltd)

FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:Program Files (x86)alipayaliedit4.0.0.101npAliSecCtrl.dll [2015-03-24] (Alipay.com Co.,Ltd -> Alipay.com Inc.)

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> F:程序文件BaiduNetdisknpYunWebDetect.dll [2021-03-17] (Beijing Duyou Science and Technology Co.,Ltd. -> Baidu.com, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:Program Files (x86)Javajre1.8.0_261bindtpluginnpDeployJava1.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:Program Files (x86)Javajre1.8.0_261binplugin2npjp2.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-06-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @qq.com/npqscall -> C:Program Files (x86)Common FilesTencentNpchromenpactivex.dll [2021-08-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:Program Files (x86)Common FilesTencentQQMiniDL60BrowsernpXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology(Shenzhen) Company Limited -> Tencent Technology (Shenzhen) Company Limited)

FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:Program Files (x86)TencentQzonenpQQPhotoDrawEx.dll [2013-08-13] (Tencent Technology(Shenzhen) Company Limited -> )

FF Plugin-x32: @qq.com/QzoneMusic -> C:Program Files (x86)TencentQzoneMusicnpQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FF Plugin-x32: @qq.com/TXSSO -> C:Program Files (x86)Common FilesTencentTXSSO1.2.5.16BinnpSSOAxCtrlForPTLogin.dll [2017-05-18] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FF Plugin-x32: @qq.com/WeSingBS -> C:Program Files (x86)TencentWeSingBSWeSingBS1150.19.55.47npWeSingBS.dll [2016-08-03] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:Program Files (x86)QQMailPluginnpQQMailWebKit.dll [2013-04-25] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:Program Files (x86)QQMailPluginnptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) [File not signed]

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> F:程序文件VLCnpvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

FF Plugin-x32: @xunlei.com/DapCtrl -> C:UsersPublicThunder NetworkXMP5AddinsnpDapCtrl.dll [2016-11-15] (深圳市迅雷网络技术有限公司 -> ShenZhen Thunder Networking Technologies Ltd.)

FF Plugin-x32: @xunlei.com/DapCtrlPlugin -> C:Program Files (x86)Common FilesThunder NetworkKanKannpDapCtrlFirefox.2.0.5901.12.(701).dll [2009-12-29] (ShenZhen Thunder Networking Technologies Ltd. -> ShenZhen Thunder Networking Technologies Ltd.)

FF Plugin-x32: @xunlei.com/npaplayer -> C:UsersPublicThunder NetworkAPlayercodecsnpaplayer.dll [2013-07-06] (ShenZhen Thunder Networking Technologies, LTD) [File not signed]

FF Plugin-x32: @xunlei.com/npxluser -> C:Program Files (x86)Common FilesThunder NetworkUserAgentnpxluser2.0.2.3.dll [2020-01-10] (ShenZhen Thunder Networking Technologies Ltd. -> Thunder Networking Technologies,LTD)

FF Plugin-x32: Adobe Acrobat -> G:Program FilesAdobeAdobe AcrobatAcrobatAirnppdf32.dll [2019-08-01] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin HKUS-1-5-21-2243823886-1026449666-483798452-1001: @1.qq.com/npqqwebgame -> C:Userswin10AppDataRoamingTencentWebGamePlugin1.0.4.3npqqwebgame.dll [2015-10-20] (Tencent Technology(Shenzhen) Company Limited -> )

FF Plugin HKUS-1-5-21-2243823886-1026449666-483798452-1001: @alipay.com/npalicert -> C:Userswin10AppDataRoamingalipaycfnpalicdo.dll [2014-10-21] (Alipay.com Co.,Ltd -> alipay.com)

FF Plugin HKUS-1-5-21-2243823886-1026449666-483798452-1001: @xunlei.com/npxluser -> C:Program Files (x86)Common FilesThunder NetworkUserAgentnpxluser2.0.2.3.dll [2020-01-10] (ShenZhen Thunder Networking Technologies Ltd. -> Thunder Networking Technologies,LTD)

FF Plugin HKUS-1-5-21-2243823886-1026449666-483798452-1001: @zhumu.me/ZhumuMeetingsPlugin -> C:Userswin10AppDataRoamingZhumu Cloud Meetingsbinnpzhumuplugin.dll [2019-08-16] (随锐科技股份有限公司 -> SUIRUI Co., Ltd.)

FF Plugin HKUS-1-5-21-2243823886-1026449666-483798452-1001: duowan.com/Checker -> C:Program Files (x86)Common FilesduowanyyYYSSO1.0.0.8npChecker.dll [2017-05-28] (YY Inc. -> 广州多玩信息技术有限公司)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:Userswin10AppDataLocalGoogleChromeUser DataDefault [2021-10-14]

CHR DownloadDir: F:程序文件FireFox Downloads

CHR Notifications: Default -> hxxps://inclowdz.wondershare.com

CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"

CHR Extension: (Slides) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-04-06]

CHR Extension: (Just Black) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsaghfnjkcakhmadgdomlmlhhaocbkloab [2021-05-18]

CHR Extension: (Docs) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2019-04-06]

CHR Extension: (Google Drive) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-26]

CHR Extension: (YouTube) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-06]

CHR Extension: (Social Blade) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionscfidkbgamfhdgmedldkagjopnbobdmdn [2021-06-05] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION

CHR Extension: (uBlock Origin) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-09]

CHR Extension: (Slate) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionscmhmcmgkegfffbbfobhjpdbimgmoohap [2021-05-18]

CHR Extension: (Tampermonkey) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsdhdgffkkebhmkfjojejmpbldmpobfkfo [2021-10-08]

CHR Extension: (Adobe Acrobat) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsefaidnbmnnnibpcajpcglclefindmkaj [2021-08-14]

CHR Extension: (Sheets) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-04-06]

CHR Extension: (ExpressVPN: VPN proxy for a better internet) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsfgddmllnllkalaagkghckoinaemmogpe [2021-07-08]

CHR Extension: (Google Docs Offline) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-30]

CHR Extension: (OneNote Web Clipper) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsgojbdfnpnhogfdgjbigejoaolejmgdhk [2021-07-25]

CHR Extension: (EquatIO – Math made digital) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionshjngolefdpdnooamgdldlkjgmdcmcjnc [2021-09-30]

CHR Extension: (Furigana) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsingbigompaecaefaoihaicmkgepkmkeg [2021-09-04]

CHR Extension: (Momentum) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionslaookkfknpbbblfpciffpaejjkokdgca [2021-10-12]

CHR Extension: (Ultra Violet) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionslcknjpenlfdlffeafcadkbjfodmmgdip [2021-05-18]

CHR Extension: (Decentraleyes) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsldpochfccmkkmhdbclfhpagapcfdljkj [2021-09-16]

CHR Extension: (Chrome Web Store Payments) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (MyBib: Free Citation Generator) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionsphidhnmbkbkbkbknhldmpmnacgicphkf [2020-11-14]

CHR Extension: (Gmail) – C:Userswin10AppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]

CHR Profile: C:Userswin10AppDataLocalGoogleChromeUser DataGuest Profile [2020-03-28]

CHR HKLM-x32…ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

S3 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

S4 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AlibabaProtect; C:Program Files (x86)AlibabaProtect1.0.23.863AlibabaProtect.exe [726920 2018-05-31] (Alibaba (China) Network Technology Co.,Ltd. -> 阿里巴巴(中国)软件有限公司)

S3 AntiCheatExpert Service; C:Program FilesAntiCheatExpertSGuardx64SGuardSvc64.exe [2678216 2021-09-06] (Tencent Technology(Shenzhen) Company Limited -> )

R2 Apple Mobile Device Service; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)

R2 asComSvc; C:Program Files (x86)ASUSAXSP4.00.01atkexComSvc.exe [382424 2018-02-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9250696 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)

S3 CoordinatorServiceHost; E:Program FilesSOLIDWORKS CorpSOLIDWORKSswSchedulerDTSCoordinatorService.exe [79520 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [803440 2019-08-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

S3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)

S3 ewserver; E:Program FilesSOLIDWORKS CorpSOLIDWORKS ElectricalserverEwServer.exe [185288 2021-03-27] (Dassault Systemes SolidWorks Corp. -> )

R2 ExpressVPNService; C:Program Files (x86)ExpressVPNbootstrapamd64nssm.exe [437160 2021-09-21] (EXPRSVPN LLC -> ExpressVPN)

S3 Hamachi2Svc; G:Program FilesLogMeIn Hamachix64hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)

S3 impi_hydra; E:Program FilesSOLIDWORKS CorpSOLIDWORKShydra_service.exe [924472 2021-03-27] (Intel® Software Development Products -> Intel Corporation)

S3 InputMapper Cerberus Whitelister; G:Program FilesInputmapperHidGuardianInputMapperCerberusWhitelister.exe [15360 2020-01-10] () [File not signed]

R2 IpOverUsbSvc; C:Program Files (x86)Common FilesMicrosoft SharedPhone ToolsCoreCon11.0binIpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)

S4 LightingService; C:Program Files (x86)LightingService1.00.39LightingService.exe [1244632 2018-02-06] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

S3 lkClassAds; C:WindowsSysWOW64lkads.exe [69096 2018-03-13] (National Instruments Corporation -> National Instruments Corporation)

S3 lkTimeSync; C:WindowsSysWOW64lktsrv.exe [80880 2018-03-13] (National Instruments Corporation -> National Instruments Corporation)

S3 MSSQL$TEW_SQLEXPRESS; E:Program FilesSOLIDWORKS ElectricalMSSQL12.TEW_SQLEXPRESSMSSQLBinnsqlservr.exe [372512 2018-09-07] (Microsoft Corporation -> Microsoft Corporation)

S3 mxssvr; G:Program FilesNational InstrumentsMAXnimxs.exe [103872 2018-02-26] (National Instruments Corporation -> National Instruments Corporation)

S3 NIDomainService; G:Program FilesNational InstrumentsSharedSecuritynidmsrv.exe [432600 2018-03-13] (National Instruments Corporation -> National Instruments Corporation)

S3 niLXIDiscovery; G:Program FilesNational InstrumentsSharedNI-VISAniLxiDiscovery.exe [269368 2018-03-19] (National Instruments Corporation -> National Instruments Corporation)

S3 nimDNSResponder; G:Program FilesNational InstrumentsSharedmDNS RespondernimdnsResponder.exe [343080 2017-03-08] (National Instruments Corporation -> National Instruments Corporation)

S3 NINetworkDiscovery; G:Program FilesNational InstrumentsSharedNI Network DiscoveryniDiscSvc.exe [189512 2018-03-05] (National Instruments Corporation -> National Instruments Corporation)

S3 nipxicmsvc; G:Program FilesNational InstrumentsPXInipxicms.exe [204312 2018-02-26] (National Instruments Corporation -> National Instruments Corporation)

S3 nipxirmu; C:WindowsSysWOW64nipxism.exe [32744 2018-03-08] (National Instruments Corporation -> National Instruments Corporation)

S3 niroco; C:Program FilesNational InstrumentsSharedroconiroco.exe [687144 2018-03-01] (National Instruments Corporation -> National Instruments Corporation)

S3 NiSvcLoc; G:Program FilesNational InstrumentsSharedniSvcLocnisvcloc.exe [110040 2017-11-08] (National Instruments Corporation -> National Instruments Corporation)

S4 pcas; C:Program Files (x86)alipayaliedit4.0.0.101pcas.exe [592856 2015-03-24] (Alipay.com Co.,Ltd -> Alipay.com Inc.)

R2 QPCore; C:Program Files (x86)Common FilesTencentQQProtectBinQQProtect.exe [118480 2021-02-02] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

R2 Razer Chroma SDK Server; C:Program Files (x86)Razer Chroma SDKbinRzSDKServer.exe [447080 2019-07-24] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Chroma SDK Service; C:Program Files (x86)Razer Chroma SDKbinRzSDKService.exe [943240 2019-07-24] (Razer USA Ltd. -> Razer Inc.)

R2 RemoteSolverDispatcher; E:Program FilesSOLIDWORKS CorpSOLIDWORKS Flow SimulationbinCFWremotesolverdispatcherservice.exe [252936 2021-03-27] (Mentor Graphics Corporation -> Mentor Graphics Corporation)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [2889856 2018-04-28] (Microsoft Corporation -> Microsoft Corporation)

S3 Service KMSELDI; F:程序文件KMSpicoService_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]

S3 SolidWorks Licensing Service; C:Program Files (x86)Common FilesSolidWorks SharedServiceSolidWorksLicensing.exe [79360 2021-06-14] (SolidWorks) [File not signed]

S4 SQLAgent$TEW_SQLEXPRESS; E:Program FilesSOLIDWORKS ElectricalMSSQL12.TEW_SQLEXPRESSMSSQLBinnSQLAGENT.EXE [613152 2018-09-07] (Microsoft Corporation -> Microsoft Corporation)

S3 SWVisualize2021.Queue.Server; E:Program FilesSOLIDWORKS CorpSOLIDWORKS VisualizeSWVisualize.Queue.Server.exe [30368 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)

S3 ViGEmBusUpdater; C:Program FilesNefarius Software SolutionsViGEm Bus DriverViGEmBusUpdater.exe [901144 2019-05-10] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)

S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [347320 2017-04-28] (Microsoft Corporation -> Microsoft Corporation)

S3 WemeetUpdateSvc; C:Program Files (x86)TencentUpdateSvrWemeetUpdateSvc.exe [521168 2021-01-07] (Tencent Technology(Shenzhen) Company Limited -> )

S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [103680 2018-04-28] (Microsoft Corporation -> Microsoft Corporation)

R2 wwbizsrv; C:Program Files (x86)Alibabawwbizsrvwwbizsrv.exe [2240864 2019-08-06] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group)

S4 XLNXService; C:Userswin10AppDataRoamingXLGameBoxServicePlatformXLNX.dll [151488 2017-11-14] (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ACE-BASE; C:Windowssystem32driversACE-BASE.sys [1732736 2021-09-29] (Tencent Technology(Shenzhen) Company Limited -> ANTICHEATEXPERT.COM)

S3 ACE-GAME; C:Windowssystem32driversACE-GAME.sys [752768 2021-09-29] (Tencent Technology(Shenzhen) Company Limited -> ANTICHEATEXPERT.COM)

R2 AliPaladin; C:Windowssystem32driversAliPaladin64.sys [286600 2018-05-31] (Alibaba (China) Network Technology Co.,Ltd. -> AliBaba)

S3 ampa; C:Windowssystem32ampa.sys [38320 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )

S3 anvsnddrv; C:Windowssystem32driversanvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)

R1 AsIO; C:WindowsSysWow64driversAsIO.sys [15232 2018-02-06] (ASUSTeK Computer Inc. -> )

S3 bcmfn; C:WindowsSystem32driversbcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows ® Win 7 DDK provider)

R2 BlueStacksDrv_nxt; C:Program FilesBlueStacks_nxtBstkDrv_nxt.sys [320728 2021-07-28] (Bluestack Systems, Inc -> Bluestack System Inc.)

S3 cage; C:Windowssystem32driverscage.sys [44320 2020-07-04] (南京偲言睿网络科技有限公司 -> )

S3 CY3014.X64; C:Windowssystem32DRIVERSCY3014.X64.SYS [3548696 2016-10-17] (Elgato Systems LLC -> )

S3 ElgatoVAD; C:Windowssystem32DRIVERSElgatoVAD.sys [39208 2017-07-11] (Elgato Systems LLC -> Elgato Systems GmbH)

S3 expressvpnsplittunnel; C:Program Files (x86)ExpressVPNsplittunnelexpressvpnsplittunnel.sys [28160 2021-09-21] (ExprsVPN LLC -> )

R3 expressvpnwintun; C:WindowsSystem32driversexpressvpn-wintun.sys [38224 2020-11-27] (Express VPN International Ltd. -> ExpressVPN)

S3 GLCKIO; C:Program Files (x86)ASUSAURA690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2020-01-12] (ASUSTeK Computer Inc. -> )

S3 GoFly; C:Windowssystem32driversGoFly64.sys [92976 2020-06-27] (南京偲言睿网络科技有限公司 -> )

S3 Hamachi; C:Windowssystem32DRIVERSHamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)

S3 HidGuardian; C:WindowsSystem32driversHidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)

S3 LonlifeFD; C:Windowssystem32driversLonlifeFD.sys [41416 2017-05-08] (Zhengzhou LongLing Technology Co., Ltd. -> )

S3 Netaapl; C:WindowsSystem32driversnetaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

S3 NetAdapterCx; C:WindowsSystem32driversNetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )

R3 Netease_UU_TAP_0921; C:WindowsSystem32driversNetease_UU_TAP_0921.sys [45696 2017-05-26] (NetEase (Hangzhou) Network Co. Ltd. -> The OpenVPN Project)

S3 nidimk; C:WindowsSystem32driversnidimkl.sys [31344 2018-03-01] (National Instruments Corporation -> National Instruments Corporation)

S3 nigevwrapper; C:Windowssystem32DRIVERSnigevwrapper.sys [100016 2018-03-27] (National Instruments Corporation -> National Instruments Corporation)

S3 nimdbgk; C:WindowsSystem32driversnimdbgkl.sys [31392 2017-03-09] (National Instruments Corporation -> National Instruments Corporation)

S3 nimxdfk; C:WindowsSystem32driversnimxdfkl.sys [31360 2017-10-10] (National Instruments Corporation -> National Instruments Corporation)

S3 niorbk; C:WindowsSystem32driversniorbkl.sys [31368 2017-03-09] (National Instruments Corporation -> National Instruments Corporation)

S3 nipalfwedl; C:WindowsSystem32driversnipalfwedl.sys [31408 2018-03-05] (National Instruments Corporation -> National Instruments Corporation)

R0 NIPALK; C:WindowsSystem32driversnipalk.sys [798304 2018-03-05] (National Instruments Corporation -> National Instruments Corporation)

S3 nipalusbedl; C:WindowsSystem32driversnipalusbedl.sys [31400 2018-03-05] (National Instruments Corporation -> National Instruments Corporation)

R0 nipbcfk; C:WindowsSystem32driversnipbcfk.sys [19288 2018-03-07] (National Instruments Corporation -> National Instruments Corporation)

R0 nipcibrd; C:WindowsSystem32driversnipcibrd.sys [135312 2018-03-13] (National Instruments Corporation -> National Instruments Corporation)

R0 nipxibrc; C:WindowsSystem32driversnipxibrc.sys [83736 2018-02-26] (National Instruments Corporation -> National Instruments Corporation)

S3 nipxifpk; C:WindowsSystem32driversnipxifpk.sys [50920 2018-03-12] (National Instruments Corporation -> National Instruments Corporation)

S3 nipxigpk; C:WindowsSystem32driversnipxigpk.sys [40544 2018-03-13] (National Instruments Corporation -> National Instruments Corporation)

R2 nipxirmk; C:WindowsSystem32driversnipxirmkl.sys [31320 2018-03-08] (National Instruments Corporation -> National Instruments Corporation)

S3 NiViPciK; C:WindowsSystem32driversNiViPciKl.sys [31360 2018-03-19] (National Instruments Corporation -> National Instruments Corporation)

R2 NiViPxiK; C:WindowsSystem32driversNiViPxiKl.sys [31360 2018-03-19] (National Instruments Corporation -> National Instruments Corporation)

S3 niwsk; C:Windowssystem32DRIVERSniwsk.sys [113808 2018-03-27] (National Instruments Corporation -> National Instruments Corporation)

R3 NVHDA; C:Windowssystem32driversnvhda64v.sys [129960 2021-06-21] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)

R2 QQProtectX64; C:Windowssystem32driversQQProtectX64.sys [121344 2019-11-20] (Tencent Technology (Shenzhen) Company Limited -> Tencent)

R3 RAZERSEIREN; C:Windowssystem32DRIVERSSEIREN.sys [3806920 2015-07-13] (WDKTestCert chou,130795027549068093 -> Razer Inc.)

S4 RsFx0321; C:WindowsSystem32DRIVERSRsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)

S3 RtsUpx; C:Windowssystem32driversRtsUpx.sys [30328 2018-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)

R3 rzendpt; C:WindowsSystem32driversrzendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)

R1 savitar; C:WindowsSystem32driverssavitar.sys [100664 2020-07-04] (南京偲言睿网络科技有限公司 -> Windows ® Win 7 DDK provider)

S3 ScpVBus; C:WindowsSystem32driversScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)

R3 tapexpressvpn; C:WindowsSystem32driverstapexpressvpn.sys [45440 2019-05-22] (ExprsVPN LLC -> The OpenVPN Project)

S3 tapnordvpn; C:WindowsSystem32driverstapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

S3 TESMON; C:Windowssystem32driversTesMon.sys [3231264 2020-04-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)

S3 TesSafe; C:Windowssystem32TesSafe.sys [1143400 2018-04-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)

S3 USBAAPL64; C:WindowsSystem32Driversusbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

S3 uupacket; C:WindowsSystem32driversuupacket.sys [54400 2019-09-10] (NetEase(Hangzhou) Network Co. Ltd. -> 网易(杭州)网络有限公司)

S3 uuwfp; C:WindowsSystem32driversuuwfp.sys [63112 2020-12-08] (NetEase(Hangzhou) Network Co. Ltd. -> )

R3 VBoxNetAdp; C:Windowssystem32DRIVERSVBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation -> Oracle Corporation)

R1 VBoxNetLwf; C:Windowssystem32DRIVERSVBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation -> Oracle Corporation)

R3 ViGEmBus; C:WindowsSystem32driversViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)

R3 vmulti; C:WindowsSystem32driversvmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 WdBoot; C:Windowssystem32driversWdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:Windowssystem32driversWdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)

S3 WeGameProcService; C:WindowsSystem32driversWeGameDriver764.sys [31576 2021-08-17] (Tencent Technology(Shenzhen) Company Limited -> Tencent Technology(Shenzhen) Company Limited)

S3 XSplit_Dummy; C:Windowssystem32driversxspltspk.sys [26200 2016-06-15] (Splitmedialabs Limited -> SplitmediaLabs Limited)

U4 AdobeARMservice; no ImagePath

S3 cheano_drv; ??D:Application FilesSteamsteamappscommonCounter-Strike Global Offensivebincheano_drv.sys [X]

S3 intaud_WaveExtensible; SystemRootsystem32driversintelaud.sys [X]

S3 iwdbus; SystemRootSystem32driversiwdbus.sys [X]

S3 niimaqk; system32driversniimaqk.sys [X]

S4 nvvad_WaveExtensible; SystemRootsystem32driversnvvad64v.sys [X]

S4 nvvhci; SystemRootSystem32driversnvvhci.sys [X]

U3 SwitchBoard; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

NETSVCx32: XLServicePlatform -> no filepath.

NETSVCx32: HpSvc -> no filepath.

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-14 19:11 – 2021-10-14 19:18 – 000000000 ____D C:FRST

2021-10-14 18:21 – 2021-10-14 18:21 – 000000053 ____C C:Userswin10.git-for-windows-updater

2021-10-09 10:18 – 2021-10-09 10:18 – 000000000 ___DC C:Userswin10AppDataRoamingBlender Foundation

2021-10-08 18:31 – 2021-10-08 18:34 – 000000000 ___DC C:Userswin10AppDataRoamingGeek Uninstaller

2021-09-26 22:22 – 2021-09-26 22:34 – 000000000 ___DC C:Userswin10DocumentsMy Digital Editions

2021-09-26 22:22 – 2021-09-26 22:22 – 000000980 _____ C:UsersPublicDesktopAdobe Digital Editions 4.5.lnk

2021-09-26 22:22 – 2021-09-26 22:22 – 000000980 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Digital Editions 4.5.lnk

2021-09-26 22:22 – 2021-09-26 22:22 – 000000000 ___DC C:Userswin10AppDataLocalAdobe_Systems_Incorporate

2021-09-26 22:22 – 2021-09-26 22:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe

2021-09-26 22:16 – 2021-09-26 23:10 – 000000000 ___DC C:Userswin10DesktopDulwich

2021-09-18 19:15 – 2021-09-18 19:15 – 000139600 _____ (Beijing Huorong Network Technology Co., Ltd.) C:Windowssystem32Drivershrfwdrv.sys

2021-09-18 19:15 – 2021-09-18 19:15 – 000036696 _____ (Beijing Huorong Network Technology Co., Ltd.) C:Windowssystem32Drivershrdevmon_win10.sys

2021-09-18 19:15 – 2021-09-18 19:15 – 000036696 _____ (Beijing Huorong Network Technology Co., Ltd.) C:Windowssystem32Drivershrdevmon.sys

2021-09-16 19:16 – 2021-10-08 20:24 – 000002330 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsExpressVPN.lnk

2021-09-16 19:16 – 2021-10-08 20:24 – 000002160 _____ C:UsersPublicDesktopExpressVPN.lnk

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-14 19:14 – 2020-04-24 08:37 – 000000000 ___DC C:Userswin10AppDataRoamingqBittorrent

2021-10-14 19:14 – 2019-04-06 11:16 – 000000000 ____D C:Program Files (x86)Google

2021-10-14 19:13 – 2017-08-20 16:17 – 000003278 _____ C:Windowssystem32TasksTSUpd4

2021-10-14 19:13 – 2017-08-20 16:17 – 000000290 _____ C:WindowsTasksTSUpd4.job

2021-10-14 19:13 – 2016-07-16 19:47 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-10-14 19:12 – 2017-05-06 16:10 – 000000006 ____H C:WindowsTasksSA.DAT

2021-10-14 19:12 – 2017-05-06 16:10 – 000000000 ____D C:Windowssystem32SleepStudy

2021-10-14 18:21 – 2019-10-05 05:50 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData

2021-10-14 18:21 – 2017-06-11 17:20 – 000004120 _____ C:Windowssystem32TasksUser_Feed_Synchronization-{BE025A60-8CC8-4094-B866-8D0E82841934}

2021-10-14 18:21 – 2017-05-06 16:16 – 000000000 ___DC C:Userswin10

2021-10-14 18:18 – 2017-05-06 16:16 – 013051296 _____ C:Windowssystem32PerfStringBackup.INI

2021-10-14 18:18 – 2016-07-17 06:32 – 003121592 _____ C:Windowssystem32prfh0804.dat

2021-10-14 18:18 – 2016-07-17 06:32 – 002838244 _____ C:Windowssystem32prfc0804.dat

2021-10-13 17:51 – 2019-04-06 11:17 – 000002275 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-10-13 17:51 – 2019-04-06 11:17 – 000002234 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-10-11 21:06 – 2017-05-06 16:16 – 000000000 ___DC C:Userswin10AppDataLocalPackages

2021-10-11 18:02 – 2017-05-17 17:20 – 000000000 ___DC C:Userswin10AppDataLocalCrashDumps

2021-10-11 17:43 – 2017-08-20 09:07 – 000000000 ___DC C:Userswin10AppDataRoamingCode

2021-10-10 14:14 – 2020-03-01 16:48 – 000002364 ____C C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-10-10 14:14 – 2017-10-26 18:18 – 000002356 ____C C:Userswin10DesktopMicrosoft Teams.lnk

2021-10-09 22:38 – 2017-05-09 05:48 – 000000000 ____D C:Program FilesMicrosoft Office

2021-10-09 11:17 – 2016-07-16 19:45 – 000000000 ____D C:WindowsINF

2021-10-09 10:38 – 2016-07-16 14:04 – 000524288 _____ C:Windowssystem32configBBI

2021-10-09 09:38 – 2019-11-29 12:50 – 000000000 ___DC C:Userswin10AppDataLocalParadox Interactive

2021-10-09 09:37 – 2017-05-07 18:56 – 000000000 ___DC C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsSteam

2021-10-08 20:24 – 2018-09-01 11:38 – 000000000 ____D C:Program Files (x86)ExpressVPN

2021-10-08 20:24 – 2017-05-06 16:25 – 000000000 ____D C:ProgramDataPackage Cache

2021-10-08 18:33 – 2017-05-08 06:32 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms腾讯游戏

2021-10-08 18:32 – 2017-05-08 07:03 – 000000000 ___DC C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuPrograms腾讯游戏

2021-10-08 18:24 – 2017-05-08 06:30 – 000000000 ___DC C:Userswin10AppDataRoamingTencent

2021-10-08 17:49 – 2017-07-29 16:52 – 000003366 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-2243823886-1026449666-483798452-1001

2021-10-08 17:49 – 2017-05-06 16:17 – 000002363 ____C C:Userswin10AppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-10-08 17:45 – 2019-04-06 11:16 – 000003420 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA

2021-10-08 17:45 – 2019-04-06 11:16 – 000003296 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore

2021-09-30 08:32 – 2021-08-28 18:31 – 000000000 ___DC C:Userswin10AppDataRoamingkicad

2021-09-29 18:53 – 2021-01-07 17:24 – 000000000 ____D C:ProgramDataAntiCheatExpert

2021-09-29 17:46 – 2020-11-01 15:42 – 000000000 ____D C:Program Files (x86)yxq_nethelper

2021-09-29 17:46 – 2017-05-08 07:15 – 000000000 ____D C:ProgramDataRiot Games

2021-09-29 16:50 – 2020-12-11 20:04 – 000752768 _____ (ANTICHEATEXPERT.COM) C:Windowssystem32DriversACE-GAME.sys

2021-09-29 16:50 – 2020-09-27 17:27 – 001732736 _____ (ANTICHEATEXPERT.COM) C:Windowssystem32DriversACE-BASE.sys

2021-09-26 22:31 – 2019-09-22 08:52 – 000000000 ___DC C:Userswin10AppDataRoamingcalibre

2021-09-26 22:19 – 2019-09-22 08:52 – 000000830 _____ C:UsersPublicDesktopcalibre 64bit – E-book management.lnk

2021-09-26 22:19 – 2019-09-22 08:52 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramscalibre 64bit – E-book Management

2021-09-25 06:44 – 2017-05-08 07:15 – 000000000 ___DC C:Userswin10DocumentsTencent Files

2021-09-20 10:31 – 2020-07-17 12:07 – 000000000 ___DC C:Userswin10DocumentsParadox Interactive

2021-09-19 21:11 – 2017-08-20 09:07 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Code

2021-09-18 13:18 – 2017-05-08 06:32 – 000000000 ____D C:WindowsMinidump

 

==================== Files in the root of some directories ========

 

2017-05-08 16:34 – 2018-05-05 15:06 – 000000298 _____ () C:ProgramDataDP0004.dat

2020-07-18 21:22 – 2020-07-18 21:22 – 000000256 ____C () C:Userswin10AppDataRoaming 03CA06773E743

2017-05-28 16:56 – 2017-05-28 16:56 – 000000020 ____C () C:Userswin10AppDataRoaming 04D5649544E41696E66

2017-05-28 16:56 – 2017-05-28 16:56 – 000000256 ____C () C:Userswin10AppDataRoaming 13CA06773E743

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoaming 6e9bfebfbff

2020-06-02 22:22 – 2020-06-02 22:22 – 000159424 ____C (Tencent) C:Userswin10AppDataRoaming5g11B9Yd4OC.xml

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoaming6128097b645246dd0a1aac0f92789123

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoaming81d51dde5348e59429778cae4512ee82

2017-06-21 06:55 – 2017-06-21 06:55 – 000159424 ____C (Tencent) C:Userswin10AppDataRoaming85xsd3.Ota

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoaminga93e59440c39e043ee57a8df56c1947d

2017-05-17 17:20 – 2019-04-04 21:03 – 000000033 ____C () C:Userswin10AppDataRoamingAdobeWLCMCache.dat

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoamingc790634a13e0ed481e87b25d371861da

2017-05-28 09:25 – 2017-12-09 12:18 – 000000046 ____C () C:Userswin10AppDataRoamingCoreAVC.ini

2017-05-28 16:57 – 2017-05-28 16:57 – 000000024 ____C () C:Userswin10AppDataRoamingD3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

2017-05-28 16:56 – 2017-05-28 16:56 – 000001081 ____C () C:Userswin10AppDataRoamingD3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

2021-01-31 20:46 – 2021-01-31 20:46 – 000000624 ____C () C:Userswin10AppDataRoamingf6ffdea3fdc2ccca28d77c165a222836

2017-11-13 17:38 – 2017-11-13 17:38 – 000000190 ____C () C:Userswin10AppDataRoamingGlobalMgr.db

2017-06-06 20:24 – 2017-06-06 20:24 – 000159424 ____C (Tencent) C:Userswin10AppDataRoamingmj2b6F189.xml

2017-05-11 08:05 – 2017-07-13 06:06 – 000002676 ____C () C:Userswin10AppDataRoamingnetwork.dat

2017-07-09 11:15 – 2017-07-09 11:15 – 000159424 ____C (Tencent) C:Userswin10AppDataRoamingTi8K84LI6mo2iA.log

2019-10-13 14:03 – 2019-10-13 14:03 – 000045056 ____C () C:Userswin10AppDataRoamingWeb Data

2019-10-13 14:03 – 2019-10-13 14:03 – 000000000 ____C () C:Userswin10AppDataRoamingWeb Data-journal

2017-06-04 10:52 – 2017-06-04 10:52 – 001111976 ____C (Tencent) C:Userswin10AppDataRoamingZXBQM112X4.DLL

2017-06-10 16:54 – 2017-06-11 20:49 – 000001404 ____C () C:Userswin10AppDataLocalAdobe 存储为 Web 所用格式 13.0 Prefs

2019-08-20 17:33 – 2019-08-20 17:33 – 000000000 ____C () C:Userswin10AppDataLocaloobelibMkey.log

2017-05-20 16:55 – 2021-08-15 17:37 – 000007606 ____C () C:Userswin10AppDataLocalResmon.ResmonCfg

2019-09-07 07:27 – 2019-09-07 07:28 – 000000000 ____C () C:Userswin10AppDataLocal{4F7A8A7E-07F4-4FBD-9ED0-A38064B04292}

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

 

LastRegBack: 2021-10-11 17:01

==================== End of FRST.txt ========================

 

 



