Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by OnnaissaK (2016-04-04 18:38:02)
Running from C:\Users\OnnaissaK\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-16 02:10:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-426536042-1825847990-1245049844-500 - Administrator - Disabled)
Guest (S-1-5-21-426536042-1825847990-1245049844-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-426536042-1825847990-1245049844-1004 - Limited - Enabled)
OnnaissaK (S-1-5-21-426536042-1825847990-1245049844-1000 - Administrator - Enabled) => C:\Users\OnnaissaK

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-426536042-1825847990-1245049844-1000\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-426536042-1825847990-1245049844-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
BitComet 1.40 (HKLM-x32\...\BitComet) (Version: 1.40 - CometNetwork)
Blade & Soul Closed Beta Test (HKLM-x32\...\{F7DBB870-787A-4B0E-A314-C931522A5859}) (Version: 4.0.0.6 - NC Interactive, LLC)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version:  - WEBZEN)
calibre (HKLM-x32\...\{CF0D492B-12F2-40B0-AF33-0F1BAA0BEF37}) (Version: 2.28.0 - Kovid Goyal)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.0 - Electronic Arts)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Kingo ROOT version 1.4.4.2620 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.4.2620 - Kingosoft Technology Ltd.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movavi Video Converter 16 (HKLM-x32\...\Movavi Video Converter 16) (Version: 16.0.1 - Movavi)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Poke (HKLM-x32\...\{FC9F924E-9472-45F1-980D-8267E47AA054}) (Version: 2.0.1 - CodeFromThe70s.org)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1370.0 - Tencent Technology(Shenzhen) Company Limited)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Rappelz_US (HKLM-x32\...\{FF64912C-DC87-4A55-86C2-9CB30CAD1611}_is1) (Version: Rappelz_US - Webzen)
RareElites English Patcher (HKLM-x32\...\RareElites English Patcher) (Version:  - )
RareElites English Patcher 1.3.00 (HKLM-x32\...\RareElites English Patcher 1.3.00) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-426536042-1825847990-1245049844-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Wakfu (HKU\S-1-5-21-426536042-1825847990-1245049844-1000\...\1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2) (Version:  - Ankama)
Windows Driver Package - Advanced Micro Devices, Inc System  (03/16/2011 5.12.0.0015) (HKLM\...\A3A37EC031F134EDD1E9DB40819B1EAD0DB7C844) (Version: 03/16/2011 5.12.0.0015 - Advanced Micro Devices, Inc)
Windows Driver Package - Marvell Inc. (mv64xx) SCSIAdapter  (01/10/2010 3.1.0.2408.) (HKLM\...\30BE1C1F0056A25C29E784A96A58FD4A290816BC) (Version: 01/10/2010 3.1.0.2408. - Marvell Inc.)
Yumina the Ethereal (HKLM-x32\...\Yumina) (Version: English 1.0 - JAST Densetsu)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-426536042-1825847990-1245049844-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> "C:\Users\OnnaissaK\AppData\Local\liebao\liebao.exe" => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089FF7D8-77AF-4C36-A1C9-A35DF5AB39AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {19392081-CCF1-4638-96FB-4682436C3526} - System32\Tasks\Ovamwext => C:\PROGRA~1\KETRAR~1\Buuafi.bat
Task: {2506F7F5-D5DF-4FC2-838D-C12D50FAF528} - System32\Tasks\{C1717768-380E-49DA-B0A1-21F74B7F860A} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {3046E8A3-08EA-4BA4-964A-B74CF3F81BB0} - System32\Tasks\{D08236D7-CD9C-41D2-9512-6104486D0048} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {40D6A032-49F6-4417-94A6-10DA2FE26E8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5668B981-109D-4076-960A-99DD56D8C544} - System32\Tasks\{52130B97-DC44-4575-9A1C-23BDC34D80D5} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {6C828874-AD9B-41A8-A3EA-FF49628DF95E} - System32\Tasks\Driver Booster SkipUAC (OnnaissaK) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-11-27] (IObit)
Task: {9F885BB0-4443-4897-BD3D-4682B5A85694} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-23] (IObit)
Task: {A5538443-0BDB-4006-B675-32674F51D04A} - System32\Tasks\{64264969-6218-4F9C-A072-8638A99C189D} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {AF5A2E0C-2E36-4BC4-8751-9E85070143E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B0EBA0DF-543C-4702-8E55-AAE3AC260EAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CB37458C-0472-4A29-965D-04657D5D4AD5} - System32\Tasks\Opera scheduled Autoupdate 1421357951 => C:\Program Files (x86)\Opera\launcher.exe
Task: {CD46393E-B7AA-4BCF-B80E-B66F3E56C44A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {D5412689-5522-4222-8F96-CFB386C53F7D} - System32\Tasks\{871AA4F6-4244-43D1-8C2B-9CC1C5AE0BE7} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {D93ADF9E-A6CE-4C94-B7D1-199A372C1FD6} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-03-31] ()
Task: {DB7F5D4A-3517-4141-9B4C-DB9BB4B61C3F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-03-26] (Adobe Systems Incorporated)
Task: {DF4FB2DD-92F2-473A-9D18-3E577C0B0494} - System32\Tasks\{9E79891C-661C-4125-A528-52DDD81F58DC} => D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe [2014-04-15] (Electronic Arts)
Task: {F7A1978C-9A0C-41C5-A5E3-D3F479094FBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-15 18:09 - 2015-10-13 14:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-02 09:34 - 2016-04-02 09:34 - 00670544 _____ () C:\Users\OnnaissaK\AppData\Roaming\Dugusiac\Fyjlobca.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-26 15:46 - 2016-03-26 15:47 - 00302080 _____ () C:\Program Files (x86)\03AA02FC-1459017997-0523-EE06-870700080009\jnsmFD54.tmp
2016-04-02 09:34 - 2016-04-02 09:34 - 00174416 _____ () C:\Users\OnnaissaK\AppData\Roaming\Dugusiac\Dugusiac.exe
2016-04-02 09:34 - 2016-04-02 09:34 - 00115536 _____ () C:\Users\OnnaissaK\AppData\Roaming\Dugusiac\Mitrogfoa.exe
2016-04-02 09:34 - 2016-04-02 09:34 - 00146256 _____ () C:\Users\OnnaissaK\AppData\Roaming\Dugusiac\Fyjlobca.exe
2015-04-17 21:47 - 2015-04-17 16:47 - 00041528 _____ () C:\Documents and Settings\Public\QQNetBar\tud.exe
2016-03-26 15:47 - 2016-03-26 15:47 - 00416256 _____ () C:\Program Files (x86)\03AA02FC-1459017997-0523-EE06-870700080009\hnsr1B03.tmp
2016-04-02 18:42 - 2016-04-02 18:42 - 00304128 _____ () C:\Program Files (x86)\03AA02FC-1459017997-0523-EE06-870700080009\knsk3780.tmp
2016-04-02 20:13 - 2016-03-31 16:28 - 02041856 _____ () C:\ProgramData\WindowsMsg\osmsg.exe
2016-04-02 09:34 - 2016-04-02 09:34 - 00261968 _____ () C:\Users\OnnaissaK\AppData\Roaming\Dugusiac\Mitrogfoa.dll
2015-04-17 21:47 - 2015-04-17 16:47 - 00257592 _____ () C:\Documents and Settings\Public\QQNetBar\libmpr.dll
2015-03-31 11:24 - 2015-03-28 00:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-02 13:51 - 2016-03-27 04:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-04-02 13:51 - 2016-03-27 04:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-03-26 15:44 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-426536042-1825847990-1245049844-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\OnnaissaK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99C3B6CE-6FF0-43E8-ACC7-383325345727}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67BCC97D-527F-49D8-885D-8C60B0972811}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8DC09FC8-22C0-43FB-95C7-4D71B4C17106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{119E083A-3756-4D01-8153-19A5C11150A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1C3CB4E0-FD61-4E45-B81D-A6F5FF360F3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{44D73B05-4BD5-4EEB-A3DA-09DC9E6E6020}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24DBB0F4-5E0B-4B93-B945-7742241BCC52}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{983A7685-0E27-4BE1-B54C-4DEA20A852D0}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{3FCA75EB-CF8D-4132-94A8-A6C6720D2517}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{F30D0C5C-6646-45B8-9E83-0977540E142F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D7CE5E15-D782-413A-849C-536F582419E6}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{967D88CB-E16A-4D3C-B38C-C1A63D8E602F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{4BEE5669-EC53-45ED-8732-19CD09500A2B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{06262F97-AFEC-4C5A-8462-6BB0454B881C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{5008BA77-BB6B-4349-AED8-D5B604533164}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe
FirewallRules: [{91475A3A-F0BA-48A0-8D91-D8D1185F6E1D}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe
FirewallRules: [{E8BA6DF9-ED44-4ED9-A0B6-59C9327FE3AC}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{43FA801C-33FC-4E56-82E6-FEE23A14387B}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{D098D9E9-DE0B-4A6D-B843-CEAE0CA4DB6C}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [{D9D12783-A071-4C6E-84B6-0F89442DA7F2}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [{B300BB05-1939-482A-8122-765F0A402D8B}] => (Allow) LPort=8902
FirewallRules: [{14580736-C386-4473-A400-F8CA2A0FF1C0}] => (Allow) LPort=8902
FirewallRules: [{4F914F4B-065C-4380-951D-89F10E519B9C}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQVipDownloader\bns_1425373850\QQVipDownloader.exe
FirewallRules: [{53B223AE-B845-4832-8463-B758C881B5F6}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQVipDownloader\bns_1425373850\QQVipDownloader.exe
FirewallRules: [{0C43881C-90F7-4A86-9F4D-826862223F6F}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQVipDownloader\bns_1425373850\bugreport.exe
FirewallRules: [{C24D53A6-78B2-4358-BFF1-3BA7A2EB023B}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQVipDownloader\bns_1425373850\bugreport.exe
FirewallRules: [{7DA7611C-749C-46BF-8FA9-E0F37379F6B5}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe
FirewallRules: [{A4AB863D-C778-4E89-A07D-B140D0DEF65B}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{527F6FCD-EAC0-453B-AAB4-429A7AAA30F6}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{DEC22699-7736-4185-B6FA-4C064C578501}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [TCP Query User{87118694-FFA9-4C86-B9A5-A6D7E30F33B9}D:\blade&soul\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) D:\blade&soul\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{84D58270-CBC9-4171-815D-CDFB47C05BF4}D:\blade&soul\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) D:\blade&soul\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [{663A2338-F897-441A-BF70-3753BE273FC2}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{FB0C52E1-8BEC-4E43-BE5B-E8369E483A5D}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{46E38C16-B837-4AFC-B283-CFD4C6CBCD9F}] => (Allow) c:\users\onnaissak\appdata\roaming\tencent\剑灵\9f4f319bd77381bc44e8af63291f7731\teniodl\teniodl.exe
FirewallRules: [{82593BC8-BF83-45C0-91F3-557B0F30378D}] => (Allow) c:\users\onnaissak\appdata\roaming\tencent\剑灵\9f4f319bd77381bc44e8af63291f7731\teniodl\teniodl.exe
FirewallRules: [{056D661C-5AFC-427C-8DCF-8910E395C0CA}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{F0BE6EB9-4C70-4403-8A8F-C95BC324C5F9}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{E08D09CE-B041-4930-9FEE-DCF7032AECA7}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{75DD1C65-DC3D-4E9A-AE0D-7A1E53A58532}] => (Allow) d:\blade&soul\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{3D6943E6-098F-47C8-B644-02E5ACDD3EF2}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{4B975BAC-D3B9-4738-8800-65D039CCB18C}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{89B1D62E-7FBE-49DB-9EA3-C06982137A86}] => (Allow) c:\users\onnaissak\appdata\local\temp\qqgamedownloader\bns_1425346859_61356\teniodl.exe
FirewallRules: [{45D1643D-4E7B-4C48-846D-0B9821878648}] => (Allow) c:\users\onnaissak\appdata\local\temp\qqgamedownloader\bns_1425346859_61356\teniodl.exe
FirewallRules: [{31297F56-3C8B-4560-B014-DD7D3FFACB3E}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQGameDownloader\bns_1426138953_35264\MiniQQDL.exe
FirewallRules: [{F715D98C-86BA-4595-AF4C-AD604C46CDB2}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\QQGameDownloader\bns_1426138953_35264\MiniQQDL.exe
FirewallRules: [{EE48D7C6-9B04-4563-836B-0778B84E2991}] => (Allow) c:\users\onnaissak\appdata\local\temp\qqgamedownloader\bns_1426138953_35264\teniodl.exe
FirewallRules: [{05DC9607-9059-4B1F-9C74-6DAFA4C751A0}] => (Allow) c:\users\onnaissak\appdata\local\temp\qqgamedownloader\bns_1426138953_35264\teniodl.exe
FirewallRules: [{34D2E03D-FA30-41BA-AD74-5AD35605D37C}] => (Allow) c:\users\onnaissak\appdata\local\temp\tencent\tgpminidown.1367.2.1.5.8204\teniodl\teniodl.exe
FirewallRules: [{F780290A-0190-4F99-A71F-9059A5DB83BB}] => (Allow) c:\users\onnaissak\appdata\local\temp\tencent\tgpminidown.1367.2.1.5.8204\teniodl\teniodl.exe
FirewallRules: [TCP Query User{C7C75B5C-3936-4E5F-97F5-3BF568BFCA4E}D:\blade&soul\blade and soul\bin\client.exe] => (Allow) D:\blade&soul\blade and soul\bin\client.exe
FirewallRules: [UDP Query User{5A140DDD-985C-4D04-A960-FA407908E577}D:\blade&soul\blade and soul\bin\client.exe] => (Allow) D:\blade&soul\blade and soul\bin\client.exe
FirewallRules: [{98659C10-2A91-4CD3-AED6-BD253C3F6384}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\CrossProxy.exe
FirewallRules: [{50BDBDB5-71BB-4AC2-92DA-6A9BA57E8A4F}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\CrossProxy.exe
FirewallRules: [{CB3DF1FB-F0DE-4E7A-AC54-9F8CAEF52D45}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{18A672BD-F77C-42EA-A105-8539A058CA27}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{F0A54484-3D11-4069-B908-E9CB7E632A8C}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\CrossProxy.exe
FirewallRules: [{E8A17FA6-AD8D-4A55-ABE9-9AC8F6C4DDEE}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\CrossProxy.exe
FirewallRules: [{D3012EF7-0ED6-4A15-A1B9-FA789BEB4CEC}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{F1205128-E90D-4E55-856E-9253FB1124AA}] => (Allow) D:\Blade&Soul\blade and soul\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{A0B6EFC8-B1B8-45BD-A009-7DE75A5C3827}] => (Allow) C:\Users\OnnaissaK\Downloads\QQPCDownload70194.exe
FirewallRules: [{7379DAAA-5696-4BBD-800E-C82B25A0D890}] => (Allow) C:\Users\OnnaissaK\Downloads\QQPCDownload70194.exe
FirewallRules: [{7DBCD0B2-E6B0-466A-9B4F-55443A643897}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [TCP Query User{FC67F4D0-7F0E-471B-A89E-076F5EA55870}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Allow) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [UDP Query User{991CF313-5147-44CA-96E7-1A9E94497666}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Allow) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [TCP Query User{866C69DB-AB55-4645-89DE-7F689C09C51B}D:\blade&soul\blade and soul\bin\client.exe] => (Allow) D:\blade&soul\blade and soul\bin\client.exe
FirewallRules: [UDP Query User{4207F5E3-9471-41C4-9948-DB311433CDA9}D:\blade&soul\blade and soul\bin\client.exe] => (Allow) D:\blade&soul\blade and soul\bin\client.exe
FirewallRules: [TCP Query User{630A4363-CFA1-4E8D-B7CA-C9A194E0C11D}C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe] => (Allow) C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe
FirewallRules: [UDP Query User{07F514E8-C5AF-4C7E-8AB4-B476CC063C75}C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe] => (Allow) C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe
FirewallRules: [{AB688D6A-3033-4D7E-A0DD-CFC5DB2255DB}] => (Block) C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe
FirewallRules: [{EBC3CB1E-24C2-48BB-9A6D-373BFBB939A9}] => (Block) C:\program files (x86)\tencent\qqpcmgr\10.8.16208.227\plugins\qqpcb1androidjmp\qqphonemanager.exe
FirewallRules: [{F7C31BA9-EBDD-4A2B-980D-8BEF2CA1EB23}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\Launch.exe
FirewallRules: [{2BAA812A-11D1-46CE-8F11-DDD9431E2504}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\Launch.exe
FirewallRules: [{AEBC998F-719A-41F9-9151-C1043DBBC1DB}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\1.0.8.0\QQMicroGameBox.exe
FirewallRules: [{41B7D36E-6E5A-422B-9A5D-D9050F693E2F}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\1.0.8.0\QQMicroGameBox.exe
FirewallRules: [{44A27B8B-720F-4F91-AE43-76AB31E02C41}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\1.0.8.0\QQMicroGameBoxTray.exe
FirewallRules: [{5154DCCA-52AF-41D2-973D-355FAE9B57E9}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\1.0.8.0\QQMicroGameBoxTray.exe
FirewallRules: [{26E2381C-EA74-4F03-B1AA-11853CFF659E}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\data\100662078\bin\launch.exe
FirewallRules: [{38EC858C-3AB9-40BD-9F88-E2772E319FA2}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQMicroGameBox\data\100662078\bin\launch.exe
FirewallRules: [{0F6D5E23-B4EB-4C7B-ACBA-732F6C27ABAA}] => (Allow) C:\ProgramData\Tencent\QQPCMgr\Clinic\Drive_theLife_SDK\DriverTheLife20141114\dtlqq.exe
FirewallRules: [{6004B75A-5B2E-4110-B8D2-EA380E076BC6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{2269D8D6-DEEE-4D21-A780-0DE09490D602}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{EFF67769-E8BD-4EBC-ACDF-3560F29E5E19}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{121B3564-8ADF-4424-A0C1-A70557A2D23D}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{DBC37AB1-94D2-4FA0-92B2-6C8C0AADD3BE}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{FF80AE8E-4CDE-40D6-A8FC-E40603D85AD7}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{2080FE4C-98FC-456E-9EEF-FC0A287E1006}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{91AA27A8-3EA6-439B-B161-C720AEDED09A}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{8F5D1EE7-2179-4D0C-B7D8-CF38D28D6A62}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [UDP Query User{CA59A6D7-9CC3-41A1-9A39-80D896A23287}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [{179D9EA4-1401-4031-92A4-DBC15DAC1286}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{672F5185-EB75-45A9-98BF-5E2248812EB0}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{5C38946C-6E70-404E-89DC-8E2943039FDA}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{31AE8B8C-170E-4B59-81D1-E49F23C05716}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{D20B52D4-247A-4524-8498-92A8D9B3A8E9}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A2C32F36-E13C-407E-B814-1B71DEBF1CAB}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{BDB03D69-5038-4D95-88DB-7B53CA612C9A}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{E202FD8D-6E2E-4328-8AAC-B8B69BFE4D13}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{2890EE48-4B90-4258-9360-E42E90D67E8D}] => (Allow) C:\Program Files (x86)\IQIYI Video\PStyle\PStyle\Common\QyKernel.exe
FirewallRules: [{06854ED5-CD13-4179-9ECF-CC5AECC46B2E}] => (Allow) C:\Program Files (x86)\IQIYI Video\PStyle\QyClient.exe
FirewallRules: [{52E6E5A8-6296-4EFD-A014-6444314F50AB}] => (Allow) C:\Program Files (x86)\IQIYI Video\PStyle\QyPlayer.exe
FirewallRules: [TCP Query User{661E5FD8-E9D3-43E7-9E5B-DD80F661FC13}C:\program files (x86)\iqiyi video\pstyle\common\hcdnclient.exe] => (Block) C:\program files (x86)\iqiyi video\pstyle\common\hcdnclient.exe
FirewallRules: [UDP Query User{2BC7723B-223C-4C07-A03C-F8DE19DFF5FF}C:\program files (x86)\iqiyi video\pstyle\common\hcdnclient.exe] => (Block) C:\program files (x86)\iqiyi video\pstyle\common\hcdnclient.exe
FirewallRules: [{FAAAA213-5F54-43B1-9F46-965050516861}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{0E8B8202-EF4E-4692-AECF-3394C4B7CC6C}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{B4AB69FB-4CA1-4CC2-886A-0C79BD42D202}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{0687BC00-1E73-468C-8E15-6A6DEAF77BAF}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{2066A4D1-A9C0-4B52-BB4D-556EAA5ACBB7}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{578FEDCE-3D3C-4CFD-8F9F-A72B98D7B7A4}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{954951AC-59CB-4754-9487-669E55750ED1}] => (Allow) D:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{3B4EEA27-6BEA-4189-AC13-4AEE365C305F}] => (Allow) D:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{2947D138-81F7-435D-88CD-D2019B916E1C}] => (Allow) D:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{060B5055-5885-4EC7-A58D-688C4AAD6F17}] => (Allow) D:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{F8610585-9D0D-462D-9A40-457C7E86C8A4}] => (Allow) D:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{EAE7C7AD-CBAB-4599-8041-374305BED93F}] => (Allow) D:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{D33752C3-A67A-448E-9D02-5495AA3EA9A3}] => (Allow) C:\QMDownload\SoftMgr\QQMusic_Setup_1161-11.61.3314.410.exe
FirewallRules: [{3CD6FDFF-6F63-446C-93FA-6ECE68FCC997}] => (Allow) C:\QMDownload\SoftMgr\QQMusic_Setup_1161-11.61.3314.410.exe
FirewallRules: [{7687B917-DE3A-4A9F-B021-DE8443B0F725}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{62C0DCA2-C17F-4FF0-99BD-FEAFEAAD0709}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{6DD55D5E-44DA-4D3B-BD73-CE7E813B5E7E}] => (Allow) C:\Users\OnnaissaK\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe
FirewallRules: [{92C4854D-EB61-4F44-A2BA-E591B78B670C}] => (Allow) C:\Program Files\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{F9821CA6-3064-47E6-90DE-AFB10EB3FF21}] => (Allow) C:\Program Files\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{7623A9B0-BEBB-437F-8B81-8E19318692BA}] => (Allow) C:\Program Files\Tencent\QQ\Bin\txupd.exe
FirewallRules: [{DA333B1B-8C83-468A-8410-E9E6A57E099F}] => (Allow) C:\Program Files\Tencent\QQ\Bin\SetupEx\SetupEx.exe
FirewallRules: [{E45FE5E6-9366-4169-A002-B8C0874C5A6C}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{4AA68F65-D507-496D-8391-8625C32F5ECD}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [{622FCD2E-B2D7-4634-A479-1D3C605D6837}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{4E5ED717-3414-49E2-BC8E-0365E2628438}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{21B36A34-CCDE-4112-A29E-1A250AAFE45B}] => (Allow) C:\Program Files (x86)\Tencent\QzoneMusic\QzoneMusic.exe
FirewallRules: [{0C992FC5-3030-4A9A-ACD9-92F5B6E451CF}] => (Allow) C:\Program Files (x86)\Tencent\QzoneMusic\QzoneMusic.exe
FirewallRules: [{4A95270F-432E-4302-88BC-CB234D22AFEC}] => (Allow) C:\Program Files\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{C1FC0137-FCD6-4606-8F63-64F6A083A640}] => (Allow) C:\Program Files\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{B84D90E2-D2BA-4A21-9642-C77513B7F221}] => (Allow) C:\Program Files\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{D2D951B8-911C-41F8-AFB7-5518523C7F4B}] => (Allow) C:\Program Files\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{4BB521FB-B76F-4897-89C1-C50E23BA5B92}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{711E41CD-34E5-491D-A494-2886F294E7C6}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{6CE75EBF-3490-4AF9-918C-3D2AED0F78A3}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{2FF3D05D-B534-42C1-88CC-91498384AB1E}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{DAD1B264-494B-46BF-9D7F-F71C294BAB3C}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{67FEF26A-FD8D-4F76-8972-FF5EFAAD5708}] => (Allow) D:\k_ssoft\k_du_ba\ktgaz\xlmodule\download\minithunderplatform.exe
FirewallRules: [{46F4FBCB-C7DD-42C1-BAD5-7CF4497D4BA3}] => (Allow) D:\k_ssoft\k_du_ba\ktgaz\xlmodule\download\minithunderplatform.exe
FirewallRules: [{A893F80F-9B61-42E2-876E-56531CFBE265}] => (Allow) C:\Program Files (x86)\KSpeeder\XunYouTM.exe
FirewallRules: [{FC5504B5-5ADE-43ED-BD4C-F0CABD6E27E1}] => (Allow) C:\Program Files (x86)\KSpeeder\xunyou.exe
FirewallRules: [{AEE045DD-63BF-4A79-857E-29E386F391B8}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{3F086963-5023-450F-B94A-4213AB67C3A9}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{346E5398-C551-4BB5-A15E-A48B9B0A57DB}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{0696BE4D-5ABB-40CD-9916-09C717D83E34}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{C6D763EC-09BD-42BE-9265-6626C365CD8B}] => (Allow) LPort=20111
FirewallRules: [{99FA5D97-CA7C-431B-B6B9-532AFE9CC1B4}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{35DEEB81-D03A-4789-A0D6-84557179438F}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameZone\IEProc.exe
FirewallRules: [{64554EFF-AA90-4C52-B20C-8C782A1061DA}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameZone\QQGameBoxSvc.exe
FirewallRules: [{D71A1EF5-F832-4B43-B4F3-5794FBB57BA0}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{656FB676-D2CE-4839-93E2-1F0C48147184}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{880D3204-B20B-4A06-8DA0-FFBE344C3016}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameZone\QQGameZone.exe
FirewallRules: [{1C47D292-B2F1-4755-9125-50E2DBFD31F5}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\Tencent\MiniQQGameDownloader.1.0.0.7\QQGameDownload.exe
FirewallRules: [{F5984316-C746-4F41-AACF-9EFA9C8B7877}] => (Allow) C:\Users\OnnaissaK\AppData\Local\Temp\Tencent\MiniQQGameDownloader.1.0.0.7\QQGameDownload.exe
FirewallRules: [{942B46A8-5180-45A8-9783-8CA5ACF58164}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{6A8ED47B-6B28-4036-BA94-B94330DB4340}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [TCP Query User{4F7FD973-13D1-4EEF-8C5C-1FE0BF3A0F91}C:\program files (x86)\mydrivers\drivergenius2013\ksoft\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\mydrivers\drivergenius2013\ksoft\xlmodule\download\minithunderplatform.exe
FirewallRules: [UDP Query User{56A71573-3073-4620-B5B4-D8C49E332E0B}C:\program files (x86)\mydrivers\drivergenius2013\ksoft\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\mydrivers\drivergenius2013\ksoft\xlmodule\download\minithunderplatform.exe
FirewallRules: [TCP Query User{BB2EB32F-0CA6-4E17-B417-B9F1BF2C5065}D:\program files\tencent\tgp\tcls\tenio\teniodl\teniodl.exe] => (Allow) D:\program files\tencent\tgp\tcls\tenio\teniodl\teniodl.exe
FirewallRules: [UDP Query User{54072AD4-F6F0-480F-817D-15B66C52FE81}D:\program files\tencent\tgp\tcls\tenio\teniodl\teniodl.exe] => (Allow) D:\program files\tencent\tgp\tcls\tenio\teniodl\teniodl.exe
FirewallRules: [TCP Query User{AEA9EA42-4253-4B1E-B664-FFD4D81E9A36}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [UDP Query User{369F069E-34E6-4E08-8E5E-9E33F7B06464}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [TCP Query User{BD1B1B7D-B0A3-43A1-8941-66E2819EBFCB}C:\users\onnaissak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\onnaissak\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A627A64D-6C98-491B-AFDE-99E98B737DDD}C:\users\onnaissak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\onnaissak\appdata\local\akamai\netsession_win.exe
FirewallRules: [{54FB7018-9A95-40A7-8FC7-51B583EBD1C6}] => (Allow) D:\C9\C9.exe
FirewallRules: [{44680F9B-FE51-4196-B478-54C5F8EB3B1C}] => (Allow) D:\C9\C9.exe
FirewallRules: [TCP Query User{C75D59E3-0C1D-4160-8E9A-17D771654D12}C:\users\onnaissak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\onnaissak\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{653F0AE1-8117-4EB7-936D-6998883CF02C}C:\users\onnaissak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\onnaissak\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4D0CB740-B2B3-48CA-986B-5F5B77A27B0F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe
FirewallRules: [{6B47805A-EFFE-4E5E-929D-E1595177E97E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{313B4391-A1AC-4D5F-8FF7-2D65EA6319D6}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{7B11FBC3-D5D5-4208-8B50-1D34AD0AD861}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{B05CD958-DA0C-43D8-9380-F3F9DF0405E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{82710728-0CF9-4D3C-AEF3-B6FE7F200E7D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4275D73F-A4FF-4802-ADBF-0A6D37B395A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B0D8DF5-2164-4DCB-AB03-A9AD27831331}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{56DAD901-5F5B-4B8C-82B2-182534755545}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{5A059FA0-01E6-4CD0-9238-23A09BCB664D}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{EB2F31F6-BCCE-4451-A06A-E8CF29B43F01}] => (Allow) LPort=23095
FirewallRules: [{A8608773-FA4C-4B00-B818-52D486171057}] => (Allow) LPort=23095
FirewallRules: [{8CC9AA5E-D8CC-4144-BA7E-D08D618773E8}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{0EEC2BAF-3365-4183-9484-8FDAB28A0DEF}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{DC0C18D8-133E-4E56-869B-DB381E794775}] => (Allow) LPort=23095
FirewallRules: [{DF496C52-C581-4523-B34A-2C717495FBAB}] => (Allow) LPort=23095
FirewallRules: [TCP Query User{C8EA6232-CDD1-4203-953B-EAD5A24BFD03}C:\users\onnaissak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\onnaissak\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{88D5570E-E06D-4B89-B8C4-537D7E1286FF}C:\users\onnaissak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\onnaissak\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BCC3D722-1930-4204-89EA-5D05FE1DF7C3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E72A8140-5A79-4FD0-BEF7-A4C72C10B3F2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8AB184E7-3D19-44CE-BD6A-79F0EAE31A30}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2553F86F-8223-4601-88C0-5B38FA005B71}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E19BF89B-B749-49F5-AB34-F114E190AE20}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{55477C7C-1326-437B-944E-9D54FA6BAA70}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{C244DFD9-F890-4887-A942-D54B8364D7AF}] => (Allow) C:\Program Files\UBar\ubar.exe
FirewallRules: [{8D6DADAA-26A3-40C6-B020-974C90A5522C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4EA12E5B-7C8F-48F3-ABC5-579230F8FF9A}] => (Allow) LPort=49347
FirewallRules: [{B6CB34E9-014B-4C79-AEF5-2359010CD449}] => (Allow) LPort=5000

==================== Restore Points =========================

26-03-2016 14:43:37 Scheduled Checkpoint
26-03-2016 15:49:03 Windows Defender Checkpoint
26-03-2016 15:51:18 Driver Booster : Adobe Flash Player ActiveX
26-03-2016 16:26:44 Windows Update
02-04-2016 15:32:16 Windows Update
02-04-2016 23:28:12 Removed Java 8 Update 77

==================== Faulty Device Manager Devices =============

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TSDefenseBt
Description: TSDefenseBt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TSDefenseBt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2016 06:29:44 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/04/2016 06:21:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2016 11:30:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (04/02/2016 07:40:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2016 07:40:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Exception code: 0xc0000005
Fault offset: 0x00000000004e920f
Faulting process id: 0x934
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3

Error: (04/02/2016 01:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsw143E.tmp, version: 0.0.0.0, time stamp: 0x56f6cb47
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x534
Faulting application start time: 0xnsw143E.tmp0
Faulting application path: nsw143E.tmp1
Faulting module path: nsw143E.tmp2
Report Id: nsw143E.tmp3

Error: (04/02/2016 01:33:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/02/2016 01:24:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2016 04:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2016 04:00:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
Exception code: 0xc0000005
Fault offset: 0x00000000004e920f
Faulting process id: 0x8f8
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3


System errors:
=============
Error: (04/04/2016 06:19:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bootsafe
TsDefenseBt
UsbCharger

Error: (04/04/2016 06:19:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Iatenl service failed to start due to the following error: 
%%2

Error: (04/04/2016 06:19:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GOSafer service failed to start due to the following error: 
%%2

Error: (04/04/2016 06:19:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQPCMgr RTP Service service failed to start due to the following error: 
%%2

Error: (04/02/2016 11:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EcirvWisdi service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2016 11:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The 4C1FBB1B-062E-42F2-8EA3-1D63B59745D4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2016 07:40:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bootsafe
TsDefenseBt
UsbCharger

Error: (04/02/2016 07:39:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GOSafer service failed to start due to the following error: 
%%2

Error: (04/02/2016 07:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQPCMgr RTP Service service failed to start due to the following error: 
%%2

Error: (04/02/2016 03:32:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 25%
Total physical RAM: 8165.86 MB
Available physical RAM: 6101.53 MB
Total Virtual: 16329.93 MB
Available Virtual: 14114.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:40.09 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:81.07 GB) NTFS
Drive e: (Setup) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================