CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [shopperz170920151519] => C:\Program Files\shopperz170920151519\Pafyf.exe [428744 2015-09-17] ()
HKLM\...\Run: [shopperz17092015151964] => C:\Program Files\shopperz170920151519\Pafyf64.exe [459976 2015-09-17] ()
HKLM-x32\...\Run: [smallbox] => C:\ProgramData\uiksdl201591822\ElTaces.exe [699712 2015-09-18] (eyuwi)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Christine\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe [355296 2015-09-18] (Tencent)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-24] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Users\Christine\AppData\Local\Temp\WIZZ\ioproduct_service.bat [128 2015-09-18] () <===== ATTENTION
HKLM-x32\...\RunOnce: [Update] => C:\Users\Christine\AppData\Roaming\ASPackage\ASPackage.exe [1426182 2015-09-18] ()
HKLM-x32\...\RunOnce: [rsrunproc] => C:\Program Files (x86)\Rising\RAV\rsstub.exe [114968 2015-03-20] (Beijing Rising Information Technology Co., Ltd.)
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-08-31] ()
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [HCDNClient] => C:\IQIYI Video\Common\QyKernel.exe [576104 2015-05-12] (iQIYI.COM)
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368733 2015-06-29] ()
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [GoogleChromeAutoLaunch_1893FD521B79CDAB1CE329917B5C6AAE] => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe [796160 2015-08-30] (MyBrowser)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll [2015-09-18] (Tencent)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\alglcnqmicek.dll [2015-09-18] (wenjiqiwu)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\alglcnqmicek.dll [2015-09-18] (wenjiqiwu)
Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-18]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-18]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Christine\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
SearchScopes: HKU\S-1-5-21-755935381-1260166776-3288764244-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-755935381-1260166776-3288764244-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
BHO-x32: shopperz170920151519 -> {0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2} -> C:\Program Files\shopperz170920151519\Culacif.dll [2015-09-17] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (?????)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\npQMExtensionsMozilla.dll [2015-09-18] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-18] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-18] (globalUpdate)
FF HKLM\...\Firefox\Extensions: [{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}] - C:\Program Files\shopperz170920151519\Firefox
FF Extension: shopperz170920151519 - C:\Program Files\shopperz170920151519\Firefox [2015-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}] - C:\Program Files\shopperz170920151519\Firefox
S3 14B0C7EE-1958-4206-8F30-4F58C3C06807; C:\Program Files\shopperz170920151519\Jasaur.exe [280776 2015-09-17] ()
S3 csrcc; C:\Program Files\shopperz170920151519\csrcc.exe [1444040 2015-09-17] ()
S2 dipubibu; C:\Users\Christine\AppData\Local\A04B8653-1442599488-5975-A32C-60A44C071572\snsn382F.tmp [303616 2015-09-18] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-18] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-18] (globalUpdate) [File not signed] <==== ATTENTION
S2 gyvixodu; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\hnsh6C14.tmp [203776 2015-09-18] () [File not signed]
S2 lehicewu; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\jnss533B.tmp [181760 2015-09-18] () [File not signed]
S2 ppsvc_1.10.0.21; C:\Program Files (x86)\PhraseProfessor_1.10.0.21\Service\ppsvc.exe [300128 2015-07-28] (PhraseProfessor)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [301728 2015-09-18] (Tencent)
S2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-05] (Beijing Rising Information Technology Co., Ltd.)
S2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
S2 shopperz170920151519 Updater; C:\Program Files\shopperz170920151519\Seauabfo.exe [170696 2015-09-17] ()
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [293856 2015-09-18] (Tencent)
S2 XZobVxbd; C:\ProgramData\vyJRqGIa\XZobVxbd.exe [2731496 2015-09-18] (Time Lapse Solutions)
S2 xypyvoge; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\knsw29E3.tmpfs [X]
S1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-29] (Beijing Rising Information Technology Co., Ltd.)
S3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [87160 2015-08-21] (Tencent)
S2 TAOKernelDriver; C:\WINDOWS\system32\drivers\TAOKernel64.sys [274232 2015-09-18] (Tencent Technology(Shenzhen) Company Limited)
S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-09-18] (????)
S3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys [28984 2015-09-18] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [28472 2015-09-18] (Tencent)
S1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSSysKit64.sys [87352 2015-09-18] (????)
2015-09-18 18:42 - 2015-09-18 18:42 - 00000150 __RSH C:\rising.ini
2015-09-18 18:42 - 2015-09-18 18:42 - 00000000 ___RD C:\RavBin
2015-09-18 18:42 - 2015-09-18 18:42 - 00000000 ____D C:\ProgramData\TXQMPC
2015-09-18 18:42 - 2014-07-29 22:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll
2015-09-18 18:41 - 2015-09-18 18:41 - 00000000 ____D C:\Users\Christine\AppData\Roaming\WB_CFG
2015-09-18 18:41 - 2015-04-29 21:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys
2015-09-18 18:41 - 2015-04-09 01:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys
2015-09-18 18:41 - 2014-01-02 03:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll
2015-09-18 18:41 - 2013-12-30 03:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll
2015-09-18 18:41 - 2012-09-05 20:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe
2015-09-18 18:41 - 2012-02-29 03:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys
2015-09-18 18:40 - 2015-09-18 18:42 - 00000000 ____D C:\ProgramData\Rising
2015-09-18 18:40 - 2015-09-18 18:41 - 00000000 ____D C:\Program Files (x86)\Rising
2015-09-18 18:38 - 2015-09-18 19:29 - 00000328 _____ C:\WINDOWS\Tasks\QQBrowser Udpater Task(Core).job
2015-09-18 18:38 - 2015-09-18 19:29 - 00000324 _____ C:\WINDOWS\Tasks\QQBrowser Udpater Task.job
2015-09-18 18:38 - 2015-09-18 18:38 - 00003656 _____ C:\WINDOWS\System32\Tasks\Waaru
2015-09-18 18:38 - 2015-09-18 18:38 - 00003216 _____ C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task
2015-09-18 18:38 - 2015-09-18 18:38 - 00002590 _____ C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task(Core)
2015-09-18 18:38 - 2015-08-21 13:24 - 00087160 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2015-09-18 18:37 - 2015-09-18 18:37 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-09-18 18:36 - 2015-09-18 18:42 - 00000000 ____D C:\Program Files\shopperz170920151519
2015-09-18 18:36 - 2015-09-18 18:35 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernel64.sys
2015-09-18 18:36 - 2015-08-19 12:41 - 00056736 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-09-18 18:32 - 2015-09-18 19:14 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Tencent
2015-09-18 18:32 - 2015-09-18 18:38 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-09-18 18:31 - 2015-09-18 18:51 - 00000000 ____D C:\ProgramData\Tencent
2015-09-18 18:23 - 2015-09-18 18:23 - 00000000 __SHD C:\Users\Christine\AppData\Roaming\AnyProtectEx
2015-09-18 18:23 - 2015-09-18 18:23 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-09-18 18:22 - 2015-09-18 19:29 - 00002478 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5_user.job
2015-09-18 18:22 - 2015-09-18 19:29 - 00002478 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5.job
2015-09-18 18:22 - 2015-09-18 19:29 - 00001056 _____ C:\WINDOWS\Tasks\gekCi9oBuHwfRAF8tXCYeQ.job
2015-09-18 18:22 - 2015-09-18 18:22 - 00005482 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5
2015-09-18 18:22 - 2015-09-18 18:22 - 00004076 _____ C:\WINDOWS\System32\Tasks\gekCi9oBuHwfRAF8tXCYeQ
2015-09-18 18:21 - 2015-09-18 19:29 - 00003170 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7.job
2015-09-18 18:21 - 2015-09-18 19:21 - 00003170 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6.job
2015-09-18 18:21 - 2015-09-18 18:21 - 00006174 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7
2015-09-18 18:21 - 2015-09-18 18:21 - 00006174 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6
2015-09-18 18:20 - 2015-09-18 19:29 - 00005214 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7.job
2015-09-18 18:20 - 2015-09-18 19:20 - 00005550 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6.job
2015-09-18 18:20 - 2015-09-18 18:20 - 00008554 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6
2015-09-18 18:20 - 2015-09-18 18:20 - 00008218 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7
2015-09-18 18:20 - 2015-09-18 18:20 - 00000000 ____D C:\Program Files (x86)\564d6902-f317-4685-98cb-a4bee8930b2a
2015-09-18 18:19 - 2015-09-18 19:29 - 00004190 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3.job
2015-09-18 18:19 - 2015-09-18 19:19 - 00002144 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-10_user.job
2015-09-18 18:19 - 2015-09-18 18:19 - 00007194 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3
2015-09-18 18:17 - 2015-09-18 18:22 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV18.09
2015-09-18 18:16 - 2015-09-18 18:16 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-09-18 18:15 - 2015-09-18 19:29 - 00001080 _____ C:\WINDOWS\Tasks\MyBrowser.job
2015-09-18 18:15 - 2015-09-18 18:16 - 00000000 ____D C:\Users\Christine\AppData\Local\SmartWeb
2015-09-18 18:15 - 2015-09-18 18:15 - 00004094 _____ C:\WINDOWS\System32\Tasks\MyBrowser
2015-09-18 18:15 - 2015-09-18 18:15 - 00002362 _____ C:\Users\Public\Desktop\MyBrowser.lnk
2015-09-18 18:15 - 2015-09-18 18:15 - 00000000 ____D C:\Users\Christine\AppData\Local\MyBrowser
2015-09-18 18:15 - 2015-09-18 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser
2015-09-18 18:14 - 2015-09-18 18:14 - 00000000 ____D C:\Program Files (x86)\MyBrowser
2015-09-18 18:11 - 2015-09-18 18:11 - 00003434 _____ C:\WINDOWS\System32\Tasks\Jepenrek
2015-09-18 18:11 - 2015-09-18 18:11 - 00000000 ____D C:\ProgramData\Jepenrek
2015-09-18 18:10 - 2015-09-18 19:29 - 00001088 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-09-18 18:10 - 2015-09-18 18:10 - 00004102 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-09-18 18:10 - 2015-09-18 18:10 - 00002416 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-09-18 18:10 - 2015-09-18 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-09-18 18:09 - 2015-09-18 18:10 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-09-18 18:09 - 2015-09-18 18:09 - 00003394 _____ C:\WINDOWS\System32\Tasks\Global Updates AT - zkc3bgfvogi1ytl
2015-09-18 18:09 - 2015-09-18 18:09 - 00003288 _____ C:\WINDOWS\System32\Tasks\Maintenance Service-zkq3t2ftoei1ltl
2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\AppData\Local\zkq3t2ftoei1ltl
2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\AppData\Local\zkc3bgfvogi1ytl
2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-09-18 18:08 - 2015-09-18 19:29 - 00002472 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5_user.job
2015-09-18 18:08 - 2015-09-18 19:29 - 00002472 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5.job
2015-09-18 18:08 - 2015-09-18 19:29 - 00001044 _____ C:\WINDOWS\Tasks\HDsGsjbQj5an7sFL.job
2015-09-18 18:08 - 2015-09-18 18:08 - 00005476 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5
2015-09-18 18:08 - 2015-09-18 18:08 - 00004066 _____ C:\WINDOWS\System32\Tasks\HDsGsjbQj5an7sFL
2015-09-18 18:07 - 2015-09-18 19:29 - 00005208 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7.job
2015-09-18 18:07 - 2015-09-18 19:29 - 00004184 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3.job
2015-09-18 18:07 - 2015-09-18 19:29 - 00003164 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7.job
2015-09-18 18:07 - 2015-09-18 19:07 - 00005544 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6.job
2015-09-18 18:07 - 2015-09-18 19:07 - 00002820 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6.job
2015-09-18 18:07 - 2015-09-18 18:25 - 00001006 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-09-18 18:07 - 2015-09-18 18:24 - 00001002 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-18 18:07 - 2015-09-18 18:20 - 00003978 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-09-18 18:07 - 2015-09-18 18:19 - 00003742 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-09-18 18:07 - 2015-09-18 18:07 - 00008548 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6
2015-09-18 18:07 - 2015-09-18 18:07 - 00008212 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7
2015-09-18 18:07 - 2015-09-18 18:07 - 00007188 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3
2015-09-18 18:07 - 2015-09-18 18:07 - 00006168 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7
2015-09-18 18:07 - 2015-09-18 18:07 - 00005824 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6
2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Users\Christine\AppData\Local\globalUpdate
2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Program Files (x86)\e1e64e83-5d44-4a2e-b248-6abc5a869e31
2015-09-18 18:06 - 2015-09-18 19:19 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-18 18:06 - 2015-09-18 19:06 - 00002138 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-10_user.job
2015-09-18 18:06 - 2015-09-18 18:07 - 00000000 ____D C:\Users\Christine\AppData\Local\ZombieNews
2015-09-18 18:06 - 2015-09-18 18:07 - 00000000 ____D C:\ProgramData\vyJRqGIa
2015-09-18 18:06 - 2015-09-18 18:06 - 00000000 ____D C:\ProgramData\ZombieNews
2015-09-18 18:05 - 2015-09-18 18:08 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV18.09
2015-09-18 18:05 - 2015-09-18 18:05 - 00004210 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update
2015-09-18 18:05 - 2015-09-18 18:05 - 00004200 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core
2015-09-18 18:05 - 2015-09-18 18:05 - 00000000 ____D C:\Program Files (x86)\ZombieNews
2015-09-18 18:04 - 2015-09-18 19:35 - 00000000 ____D C:\Users\Christine\AppData\Local\A04B8653-1442599488-5975-A32C-60A44C071572
2015-09-18 18:04 - 2015-09-18 18:05 - 00000000 ____D C:\Program Files (x86)\PhraseProfessor_1.10.0.21
2015-09-18 18:04 - 2015-09-18 18:04 - 00929953 _____ C:\WINDOWS\unins000.exe
2015-09-18 18:04 - 2015-09-18 18:04 - 00001152 _____ C:\WINDOWS\unins000.dat
2015-09-18 18:04 - 2015-09-18 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-09-18 18:04 - 2015-09-18 18:04 - 00000000 ____D C:\Program Files (x86)\ytd
2015-09-18 18:04 - 2015-06-29 21:11 - 08368733 _____ C:\Users\Public\Documents\windows.exe
2015-09-18 18:04 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-18 18:03 - 2015-09-18 18:19 - 00000000 ____D C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572
2015-09-18 18:03 - 2015-09-18 18:03 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-09-18 18:03 - 2015-09-18 18:03 - 00000000 ____D C:\Users\Christine\AppData\Roaming\ASPackage
2015-09-18 18:02 - 2015-09-18 18:09 - 00000008 _____ C:\END
2015-09-18 18:02 - 2015-09-18 18:02 - 00000886 _____ C:\Users\Christine\Desktop\SpaceSoundPro.lnk
2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.2437
2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-09-18 18:01 - 2015-09-18 18:01 - 00443200 _____ (wenjiqiwu) C:\ProgramData\alglcnqmicek.dll
2015-09-18 18:01 - 2015-09-18 18:01 - 00000000 _____ C:\ProgramData\inf.dat
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat [2015-09-18] (Tencent)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (爱奇艺)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin HKU\S-1-5-21-755935381-1260166776-3288764244-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin HKU\S-1-5-21-755935381-1260166776-3288764244-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
CHR Extension: (电脑管家上网防护) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2015-09-18]
CHR Extension: (CinemaPlus-3.2cV18.09) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-09-18]
S1 ppfd_vw_1_10_0_21; C:\Windows\System32\drivers\ppfd_vw_1_10_0_21.sys [57744 2015-07-28] (PhraseProfessor)
S1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [80184 2015-09-14] (Tencent)
S2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys [138040 2015-09-18] (电脑管家)
2015-09-18 18:36 - 2015-09-18 18:38 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-09-18 18:36 - 2015-09-18 18:36 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2015-09-18 18:36 - 2015-09-18 18:36 - 00000045 _____ C:\user.js
2015-09-18 18:00 - 2015-09-18 19:00 - 00000472 _____ C:\WINDOWS\Tasks\Adobe Flash box Files Update Ver 2015918.job
2015-09-18 18:00 - 2015-09-18 18:01 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-18 18:00 - 2015-09-18 18:00 - 00003518 _____ C:\WINDOWS\System32\Tasks\Adobe Flash box Files Update Ver 2015918
2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(918)
2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\Users\Christine\AppData\Local\Unity
2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\Users\Christine\AppData\Local\SysassistByHotWheel
2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\ProgramData\uiksdl201591822
2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\ProgramData\adb
2015-09-18 17:59 - 2015-09-18 20:18 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-09-18 17:59 - 2015-09-18 18:00 - 00000000 ____D C:\IQIYI Video
2015-09-18 17:59 - 2015-09-18 17:59 - 00000000 ____D C:\Users\Public\QiYi
2015-09-18 17:59 - 2015-09-18 17:59 - 00000000 ____D C:\Users\Christine\AppData\Roaming\IQIYI Video
2015-09-18 17:58 - 2015-09-18 17:58 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-18 17:57 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\Desktop\7z ZIP RAR 18.Sep.2015 17-57-00
2015-09-18 00:35 - 2015-09-18 00:35 - 00067416 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\zmi3m2f2ohm1bdl.sys
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL.exe
2014-04-19 10:58 - 2014-04-19 10:58 - 0000021 _____ () C:\Users\Christine\AppData\Roaming\my_intel.sys
2013-09-08 12:42 - 2015-09-18 17:40 - 0000401 _____ () C:\Users\Christine\AppData\Roaming\sp_data.sys
2015-09-18 18:01 - 2015-09-18 18:01 - 0443200 _____ (wenjiqiwu) C:\ProgramData\alglcnqmicek.dll
2015-09-18 18:01 - 2015-09-18 18:01 - 0000000 _____ () C:\ProgramData\inf.dat
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\Users\Christine\AppData\Local\Temp\WIZZ\ioproduct_service.bat
C:\ProgramData\alglcnqmicek.dll
C:\ProgramData\inf.dat
C:\ProgramData\SetStretch.VBS
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers