CloseProcesses:
CreateRestorePoint:
C:\ProgramData\WindowsMangerProtect
C:\Program Files\SavePass 1.1
C:\Program Files\MiuiTab
C:\Program Files\Mezaa
HKLM\...\Run: [Mezaa Tray] => C:\Program Files\Mezaa\MzaXYZTy.exe [181992 2015-03-06] (Mezaa)
HKU\S-1-5-21-398714757-4205386782-3194616843-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-398714757-4205386782-3194616843-1001\...\Run: [] => [X]
Winsock: Catalog9 01 C:\Windows\system32\MZA.dll [358632 2015-06-16] (MZA)
Winsock: Catalog9 02 C:\Windows\system32\MZA.dll [358632 2015-06-16] (MZA)
Winsock: Catalog9 03 C:\Windows\system32\MZA.dll [358632 2015-06-16] (MZA)
Winsock: Catalog9 04 C:\Windows\system32\MZA.dll [358632 2015-06-16] (MZA)
Winsock: Catalog9 15 C:\Windows\system32\MZA.dll [358632 2015-06-16] (MZA)
C:\Windows\system32\MZA.dll
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&q={searchTerms}
HKU\S-1-5-21-398714757-4205386782-3194616843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
HKU\S-1-5-21-398714757-4205386782-3194616843-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-398714757-4205386782-3194616843-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ&ts=1434421552&type=default&q={searchTerms}
BHO: PriceLesos -> {04FB05C4-DADA-4A8E-83A3-C0A6EB294B05} -> C:\Program Files\PriceLesos\kRJzbAg21r5rpg.dll [2015-06-16] ()
C:\Program Files\PriceLesos
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-06-12] (Thinknice Co. Limited)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1434421514&z=b946c920a0ebfc7592c0598g2zbc1z5z9oagbw8gab&from=2sq&uid=ST1000DM003-1CH162_Z1D7PJBJXXXXZ1D7PJBJ
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-16] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-16] (globalUpdate)
FF Extension: PriceLesos - C:\Users\Ananda\AppData\Roaming\Mozilla\Firefox\Profiles\ka8quv27.default\Extensions\OdpE@aF.edu [2015-07-12]
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Ananda\AppData\Roaming\Mozilla\Firefox\Profiles\ka8quv27.default\extensions\sweetsearch@gmail.com
OPR Extension: (SavePass 1.1) - C:\Users\Ananda\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-06-18]
R2 c616b728; c:\Program Files\RelaySoft\RelaySoft.dll [1803776 2015-06-16] () [File not signed]
R2 CDROM_Eject_FI; C:\Program Files\Mblaze_Mylink\FI_Eject.exe [2198016 2014-07-31] () [File not signed]
c:\Program Files\RelaySoft
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-06-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-06-16] (globalUpdate) [File not signed] <==== ATTENTION
R2 MezaaV1; C:\Program Files\Mezaa\MezaaSvc.exe [94440 2015-03-06] (Mezaa)
R2 MezaaV2; C:\Program Files\Mezaa\Mezaa.Service.exe [22248 2015-03-06] (Mezaa)
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125056 2015-06-12] (XTab system)
R2 MZA; C:\Program Files\Mezaa\MZA.exe [4310248 2015-03-06] (MZA)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [695976 2015-06-16] (DTools LIMITED) <==== ATTENTION
2015-08-29 09:38 - 2015-08-29 09:38 - 00000985 _____ C:\Users\Public\Desktop\Mblaze_Mylink.lnk
2015-08-29 09:38 - 2015-08-29 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mblaze_Mylink
2015-08-29 09:38 - 2015-08-29 09:38 - 00000000 ____D C:\Program Files\Mblaze_Mylink
2015-09-11 12:22 - 2015-06-16 07:56 - 00000882 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-09 14:49 - 2015-06-16 07:56 - 00000886 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-398714757-4205386782-3194616843-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ananda\AppData\Local\Temp\E00\temp\Download.exe ()
Task: {01271955-7A1C-4ACC-90CB-91CA0B8D7FC8} - System32\Tasks\Comp Logo => Rundll32.exe "C:\Users\Home\AppData\Local\Comp Logo\Bin\CompLogo.dll",#3
C:\Users\Home\AppData\Local\Comp Logo
Task: {01E59BD3-B27B-4CA0-874E-99E25864D9A8} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-06-16] (globalUpdate) <==== ATTENTION
Task: {3F429246-AF3A-48A9-BC3D-D5E31677CC8C} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5_user => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5.exe [2015-06-16] (OB) <==== ATTENTION
Task: {6967D98C-1245-4F0D-A72B-1161C7D128FD} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-11 => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-11.exe [2015-06-16] (OB) <==== ATTENTION
Task: {7A075BD5-512C-431F-B084-B00911CCA350} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-6 => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-6.exe [2015-06-16] (OB) <==== ATTENTION
Task: {A0B3B02A-FAFA-409D-897C-D21852A41B1B} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-10_user => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-10.exe [2015-06-16] (OB) <==== ATTENTION
Task: {ACC9FF67-0E05-439B-AC26-307B79911162} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-7 => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-7.exe [2015-06-16] (OB) <==== ATTENTION
Task: {B0C11DA4-02AB-43B7-A420-C51C08E37DA1} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{c42df292-8e31-60a9-c42d-df2928e3ca4a}\download.exe [2014-06-16] () <==== ATTENTION
c:\programdata\{c42df292-8e31-60a9-c42d-df2928e3ca4a}
Task: {C674A54D-0CEA-43D3-9B29-153BE3DFAC61} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-06-16] (globalUpdate) <==== ATTENTION
Task: {EE8C7A6F-FC27-4975-9565-FE240B2F67E1} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5 => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5.exe [2015-06-16] (OB) <==== ATTENTION
Task: {F6690E14-EBAE-4BC4-8418-DD3A5C7ABE7B} - System32\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-4 => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-4.exe [2015-06-16] (OB) <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-6.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-7.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-10_user.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-11.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-4.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5_user.job => C:\Program Files\SavePass 1.1\31833287-93cf-44c4-8a29-8b6ff7de3cc2-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{c42df292-8e31-60a9-c42d-df2928e3ca4a}\download.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"
C:\Windows\system32\netcfg-*.txt
EmptyTemp:
CMD: bitsadmin /reset /allusers
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset