CreateRestorePoint:
CloseProcesses:
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(Microsoft Corporation) C:\Users\Hira\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Users\Hira\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
C:\Program Files (x86)\MiuiTab
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
C:\Program Files (x86)\Optimizer Pro
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\MountPoints2: {bc36c78f-7ef4-11e4-9204-0024beaf8023} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
C:\Program Files\Java
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
C:\Program Files (x86)\SupTab
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-11] (Thinknice Co. Limited)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR HKLM\...\Chrome\Extension: [fhidhffpdlhleocklmjbncdngoobjdli] - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhidhffpdlhleocklmjbncdngoobjdli.crx [2014-11-01]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Hira\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Hira\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [fhidhffpdlhleocklmjbncdngoobjdli] - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhidhffpdlhleocklmjbncdngoobjdli.crx [2014-11-01]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-11] (XTab system)
R2 VSSS; C:\Users\Hira\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101133184 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 vvdsvc; C:\Windows\SysWOW64\nagasoft\vjocx.dll [1685024 2009-03-18] (NanJing Nagasoft Co, LTD.)
C:\Windows\SysWOW64\nagasoft\vjocx.dll
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102472 2009-11-04] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeavfk.sys
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [308296 2009-11-04] (McAfee, Inc.)
C:\Windows\System32\drivers\mfehidk.sys
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
C:\Windows\System32\drivers\mferkdk.sys
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
C:\Windows\System32\drivers\mfesmfk.sys
R3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
\??\C:\Program Files\kprocesshacker.sys
2015-06-29 02:34 - 2015-06-29 02:34 - 01415680 _____ (wj32) C:\Program Files\OX6FDMVZ.exe
2015-06-29 02:33 - 2015-06-29 02:33 - 01415680 _____ (wj32) C:\Program Files\U3CLJS15.exe
2015-06-28 20:15 - 2015-06-28 20:15 - 01415680 _____ (wj32) C:\Program Files\ENW53CL0.exe
2015-06-28 20:15 - 2015-06-28 20:15 - 01415680 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-28 03:47 - 2015-06-28 03:47 - 01415680 _____ (wj32) C:\Program Files\KTR09IGV.exe
2015-06-28 03:43 - 2015-06-28 03:43 - 01415680 _____ (wj32) C:\Program Files\YGNRKD6M.exe
2015-06-28 03:43 - 2015-06-28 03:43 - 01415680 _____ (wj32) C:\Program Files\CLJS1A8N.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 01415680 _____ (wj32) C:\Program Files\Z8HKOM9A.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 01415680 _____ (wj32) C:\Program Files\KZ8HFD01.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7GK.exe
2015-06-27 22:58 - 2015-06-27 22:58 - 01415680 _____ (wj32) C:\Program Files\UNG92VO4.exe
2015-06-27 04:04 - 2015-06-27 04:04 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Process Hacker 2
2015-06-11 14:17 - 2015-06-11 14:17 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-11 14:17 - 2015-06-11 14:17 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-11 14:16 - 2014-11-01 20:28 - 00000000 ____D C:\ProgramData\IePluginServices
2015-06-28 20:15 - 2015-06-28 20:15 - 1415680 _____ (wj32) C:\Program Files\4DMVT2BF.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 1415680 _____ (wj32) C:\Program Files\9IR0Y7GK.exe
2015-06-28 03:43 - 2015-06-28 03:43 - 1415680 _____ (wj32) C:\Program Files\CLJS1A8N.exe
2015-06-28 20:15 - 2015-06-28 20:15 - 1415680 _____ (wj32) C:\Program Files\ENW53CL0.exe
2015-06-28 03:47 - 2015-06-28 03:47 - 1415680 _____ (wj32) C:\Program Files\KTR09IGV.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 1415680 _____ (wj32) C:\Program Files\KZ8HFD01.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 1415680 _____ (wj32) C:\Program Files\KZ8HFOX1.exe
2015-06-29 02:34 - 2015-06-29 02:34 - 1415680 _____ (wj32) C:\Program Files\OX6FDMVZ.exe
2015-06-29 02:33 - 2015-06-29 02:33 - 1415680 _____ (wj32) C:\Program Files\U3CLJS15.exe
2015-06-27 22:58 - 2015-06-27 22:58 - 1415680 _____ (wj32) C:\Program Files\UNG92VO4.exe
2015-06-28 03:43 - 2015-06-28 03:43 - 1415680 _____ (wj32) C:\Program Files\YGNRKD6M.exe
2015-06-28 03:42 - 2015-06-28 03:42 - 1415680 _____ (wj32) C:\Program Files\Z8HKOM9A.exe
2013-03-03 19:38 - 2013-03-04 22:00 - 0000024 _____ () C:\Users\Hira\AppData\Roaming\MyPhrases.dta
2010-01-17 20:04 - 2010-01-17 20:04 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
Task: {20BFAA7E-F743-46AD-8B6F-182B63B185D6} - System32\Tasks\{28F47C53-0506-4D7B-94B5-DB7B6EB7733D} => pcalua.exe -a C:\Users\Hira\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
C:\Users\Hira\AppData\Roaming\webssearches
Task: {7A2A2AD4-9109-4609-97BA-5F8028C12A76} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-11-01] (http://lucky-tab.com/) <==== ATTENTION
C:\Program Files (x86)\LuckyTab
AlternateDataStreams: C:\Users\Public\DRM:مايكروسوفت
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
Hosts:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp: