Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/24/2019 07:28:38 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\saenz\Desktop\rkill\rkill-12-24-2019-07-28-41.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 * HOSTS file entries found:

  127.0.0.1 licensing.freegrabapp.com
  127.0.0.1 api.bignox.com
  127.0.0.1 tracking.trnox.com
  127.0.0.1 bi.yeshen.com
  127.0.0.1 launcher.us.yeshen.com
  127.0.0.1 pubstatus.sinaapp.com
  127.0.0.1 noxagile.duapp.com
  127.0.0.1 common.duapps.com
  127.0.0.1 pasta.esfile.duapps.com
  127.0.0.1 api.mobula.sdk.duapps.com
  127.0.0.1 hmma.baidu.com
  127.0.0.1 nrc.tapas.net
  127.0.0.1 au.umeng.com
  127.0.0.1 www.yeshen.com
  127.0.0.1 www.yeshen.com.w.kunlungr.com
  127.0.0.1 hm.e.shifen.com
  127.0.0.1 tdcv3.talkingdata.net
  127.0.0.1 alog.umeng.com
  127.0.0.1 sdk.open.inc2.igexin.com
  127.0.0.1 androiden.duapp.com

Program finished at: 12/24/2019 07:28:47 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)