Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015 Ran by Christine (2015-09-19 12:51:42) Run:1 Running from C:\Users\Christine\Desktop\cleaning tools Loaded Profiles: Christine (Available Profiles: Christine & sewil_000) Boot Mode: Safe Mode (minimal) ============================================== fixlist content: ***************** CreateRestorePoint: HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro) HKLM\...\Run: [shopperz170920151519] => C:\Program Files\shopperz170920151519\Pafyf.exe [428744 2015-09-17] () HKLM\...\Run: [shopperz17092015151964] => C:\Program Files\shopperz170920151519\Pafyf64.exe [459976 2015-09-17] () HKLM-x32\...\Run: [smallbox] => C:\ProgramData\uiksdl201591822\ElTaces.exe [699712 2015-09-18] (eyuwi) HKLM-x32\...\Run: [SmartWeb] => C:\Users\Christine\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.) HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe [355296 2015-09-18] (Tencent) HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-24] (Beijing Rising Information Technology Co., Ltd.) HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-14] (Beijing Rising Information Technology Co., Ltd.) HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Users\Christine\AppData\Local\Temp\WIZZ\ioproduct_service.bat [128 2015-09-18] () <===== ATTENTION HKLM-x32\...\RunOnce: [Update] => C:\Users\Christine\AppData\Roaming\ASPackage\ASPackage.exe [1426182 2015-09-18] () HKLM-x32\...\RunOnce: [rsrunproc] => C:\Program Files (x86)\Rising\RAV\rsstub.exe [114968 2015-03-20] (Beijing Rising Information Technology Co., Ltd.) 
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-08-31] () HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [HCDNClient] => C:\IQIYI Video\Common\QyKernel.exe [576104 2015-05-12] (iQIYI.COM) HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368733 2015-06-29] () HKU\S-1-5-21-755935381-1260166776-3288764244-1001\...\Run: [GoogleChromeAutoLaunch_1893FD521B79CDAB1CE329917B5C6AAE] => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe [796160 2015-08-30] (MyBrowser) HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll [2015-09-18] (Tencent) ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\alglcnqmicek.dll [2015-09-18] (wenjiqiwu) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\alglcnqmicek.dll [2015-09-18] (wenjiqiwu) Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-18] ShortcutTarget: crossbrowse.lnk 
-> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse) Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-18] ShortcutTarget: SmartWeb.lnk -> C:\Users\Christine\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg SearchScopes: HKU\S-1-5-21-755935381-1260166776-3288764244-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg SearchScopes: HKU\S-1-5-21-755935381-1260166776-3288764244-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg BHO-x32: shopperz170920151519 -> {0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2} -> C:\Program Files\shopperz170920151519\Culacif.dll [2015-09-17] () FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] () FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (?????) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\npQMExtensionsMozilla.dll [2015-09-18] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) 
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-18] (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-18] (globalUpdate) FF HKLM\...\Firefox\Extensions: [{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}] - C:\Program Files\shopperz170920151519\Firefox FF Extension: shopperz170920151519 - C:\Program Files\shopperz170920151519\Firefox [2015-09-18] FF HKLM-x32\...\Firefox\Extensions: [{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}] - C:\Program Files\shopperz170920151519\Firefox S3 14B0C7EE-1958-4206-8F30-4F58C3C06807; C:\Program Files\shopperz170920151519\Jasaur.exe [280776 2015-09-17] () S3 csrcc; C:\Program Files\shopperz170920151519\csrcc.exe [1444040 2015-09-17] () S2 dipubibu; C:\Users\Christine\AppData\Local\A04B8653-1442599488-5975-A32C-60A44C071572\snsn382F.tmp [303616 2015-09-18] () [File not signed] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-18] (globalUpdate) [File not signed] <==== ATTENTION S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-18] (globalUpdate) [File not signed] <==== ATTENTION S2 gyvixodu; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\hnsh6C14.tmp [203776 2015-09-18] () [File not signed] S2 lehicewu; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\jnss533B.tmp [181760 2015-09-18] () [File not signed] S2 ppsvc_1.10.0.21; C:\Program Files (x86)\PhraseProfessor_1.10.0.21\Service\ppsvc.exe [300128 2015-07-28] (PhraseProfessor) R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [301728 2015-09-18] (Tencent) S2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-05] (Beijing Rising Information Technology Co., Ltd.) 
S2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-14] (Beijing Rising Information Technology Co., Ltd.) S2 shopperz170920151519 Updater; C:\Program Files\shopperz170920151519\Seauabfo.exe [170696 2015-09-17] () S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [293856 2015-09-18] (Tencent) S2 XZobVxbd; C:\ProgramData\vyJRqGIa\XZobVxbd.exe [2731496 2015-09-18] (Time Lapse Solutions) S2 xypyvoge; C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572\knsw29E3.tmpfs [X] S1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.) R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-29] (Beijing Rising Information Technology Co., Ltd.) S3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [87160 2015-08-21] (Tencent) S2 TAOKernelDriver; C:\WINDOWS\system32\drivers\TAOKernel64.sys [274232 2015-09-18] (Tencent Technology(Shenzhen) Company Limited) S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-09-18] (????) S3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys [28984 2015-09-18] (Tencent) S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [28472 2015-09-18] (Tencent) S1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSSysKit64.sys [87352 2015-09-18] (????) 2015-09-18 18:42 - 2015-09-18 18:42 - 00000150 __RSH C:\rising.ini 2015-09-18 18:42 - 2015-09-18 18:42 - 00000000 ___RD C:\RavBin 2015-09-18 18:42 - 2015-09-18 18:42 - 00000000 ____D C:\ProgramData\TXQMPC 2015-09-18 18:42 - 2014-07-29 22:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll 2015-09-18 18:41 - 2015-09-18 18:41 - 00000000 ____D C:\Users\Christine\AppData\Roaming\WB_CFG 2015-09-18 18:41 - 2015-04-29 21:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\WINDOWS\system32\Drivers\sysmon.sys 2015-09-18 18:41 - 2015-04-09 01:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys 2015-09-18 18:41 - 2014-01-02 03:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll 2015-09-18 18:41 - 2013-12-30 03:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll 2015-09-18 18:41 - 2012-09-05 20:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe 2015-09-18 18:41 - 2012-02-29 03:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys 2015-09-18 18:40 - 2015-09-18 18:42 - 00000000 ____D C:\ProgramData\Rising 2015-09-18 18:40 - 2015-09-18 18:41 - 00000000 ____D C:\Program Files (x86)\Rising 2015-09-18 18:38 - 2015-09-18 19:29 - 00000328 _____ C:\WINDOWS\Tasks\QQBrowser Udpater Task(Core).job 2015-09-18 18:38 - 2015-09-18 19:29 - 00000324 _____ C:\WINDOWS\Tasks\QQBrowser Udpater Task.job 2015-09-18 18:38 - 2015-09-18 18:38 - 00003656 _____ C:\WINDOWS\System32\Tasks\Waaru 2015-09-18 18:38 - 2015-09-18 18:38 - 00003216 _____ C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task 2015-09-18 18:38 - 2015-09-18 18:38 - 00002590 _____ C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task(Core) 2015-09-18 18:38 - 2015-08-21 13:24 - 00087160 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys 2015-09-18 18:37 - 2015-09-18 18:37 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-09-18 18:36 - 2015-09-18 18:42 - 00000000 ____D C:\Program Files\shopperz170920151519 2015-09-18 18:36 - 2015-09-18 18:35 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernel64.sys 2015-09-18 18:36 - 2015-08-19 12:41 - 00056736 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys 2015-09-18 18:32 - 2015-09-18 19:14 - 00000000 
____D C:\Users\Christine\AppData\Roaming\Tencent 2015-09-18 18:32 - 2015-09-18 18:38 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-09-18 18:31 - 2015-09-18 18:51 - 00000000 ____D C:\ProgramData\Tencent 2015-09-18 18:23 - 2015-09-18 18:23 - 00000000 __SHD C:\Users\Christine\AppData\Roaming\AnyProtectEx 2015-09-18 18:23 - 2015-09-18 18:23 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx 2015-09-18 18:22 - 2015-09-18 19:29 - 00002478 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5_user.job 2015-09-18 18:22 - 2015-09-18 19:29 - 00002478 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5.job 2015-09-18 18:22 - 2015-09-18 19:29 - 00001056 _____ C:\WINDOWS\Tasks\gekCi9oBuHwfRAF8tXCYeQ.job 2015-09-18 18:22 - 2015-09-18 18:22 - 00005482 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5 2015-09-18 18:22 - 2015-09-18 18:22 - 00004076 _____ C:\WINDOWS\System32\Tasks\gekCi9oBuHwfRAF8tXCYeQ 2015-09-18 18:21 - 2015-09-18 19:29 - 00003170 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7.job 2015-09-18 18:21 - 2015-09-18 19:21 - 00003170 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6.job 2015-09-18 18:21 - 2015-09-18 18:21 - 00006174 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7 2015-09-18 18:21 - 2015-09-18 18:21 - 00006174 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6 2015-09-18 18:20 - 2015-09-18 19:29 - 00005214 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7.job 2015-09-18 18:20 - 2015-09-18 19:20 - 00005550 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6.job 2015-09-18 18:20 - 2015-09-18 18:20 - 00008554 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6 2015-09-18 18:20 - 2015-09-18 18:20 - 00008218 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7 2015-09-18 18:20 - 2015-09-18 18:20 - 00000000 ____D C:\Program Files (x86)\564d6902-f317-4685-98cb-a4bee8930b2a 
2015-09-18 18:19 - 2015-09-18 19:29 - 00004190 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3.job 2015-09-18 18:19 - 2015-09-18 19:19 - 00002144 _____ C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-10_user.job 2015-09-18 18:19 - 2015-09-18 18:19 - 00007194 _____ C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3 2015-09-18 18:17 - 2015-09-18 18:22 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV18.09 2015-09-18 18:16 - 2015-09-18 18:16 - 00000010 _____ C:\Users\Public\Documents\test.txt 2015-09-18 18:15 - 2015-09-18 19:29 - 00001080 _____ C:\WINDOWS\Tasks\MyBrowser.job 2015-09-18 18:15 - 2015-09-18 18:16 - 00000000 ____D C:\Users\Christine\AppData\Local\SmartWeb 2015-09-18 18:15 - 2015-09-18 18:15 - 00004094 _____ C:\WINDOWS\System32\Tasks\MyBrowser 2015-09-18 18:15 - 2015-09-18 18:15 - 00002362 _____ C:\Users\Public\Desktop\MyBrowser.lnk 2015-09-18 18:15 - 2015-09-18 18:15 - 00000000 ____D C:\Users\Christine\AppData\Local\MyBrowser 2015-09-18 18:15 - 2015-09-18 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser 2015-09-18 18:14 - 2015-09-18 18:14 - 00000000 ____D C:\Program Files (x86)\MyBrowser 2015-09-18 18:11 - 2015-09-18 18:11 - 00003434 _____ C:\WINDOWS\System32\Tasks\Jepenrek 2015-09-18 18:11 - 2015-09-18 18:11 - 00000000 ____D C:\ProgramData\Jepenrek 2015-09-18 18:10 - 2015-09-18 19:29 - 00001088 _____ C:\WINDOWS\Tasks\Crossbrowse.job 2015-09-18 18:10 - 2015-09-18 18:10 - 00004102 _____ C:\WINDOWS\System32\Tasks\Crossbrowse 2015-09-18 18:10 - 2015-09-18 18:10 - 00002416 _____ C:\Users\Public\Desktop\Crossbrowse.lnk 2015-09-18 18:10 - 2015-09-18 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse 2015-09-18 18:09 - 2015-09-18 18:10 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz 2015-09-18 18:09 - 2015-09-18 18:09 - 00003394 _____ C:\WINDOWS\System32\Tasks\Global Updates AT - zkc3bgfvogi1ytl 2015-09-18 18:09 - 2015-09-18 18:09 - 
00003288 _____ C:\WINDOWS\System32\Tasks\Maintenance Service-zkq3t2ftoei1ltl 2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\AppData\Local\zkq3t2ftoei1ltl 2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\AppData\Local\zkc3bgfvogi1ytl 2015-09-18 18:09 - 2015-09-18 18:09 - 00000000 ____D C:\Program Files (x86)\Crossbrowse 2015-09-18 18:08 - 2015-09-18 19:29 - 00002472 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5_user.job 2015-09-18 18:08 - 2015-09-18 19:29 - 00002472 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5.job 2015-09-18 18:08 - 2015-09-18 19:29 - 00001044 _____ C:\WINDOWS\Tasks\HDsGsjbQj5an7sFL.job 2015-09-18 18:08 - 2015-09-18 18:08 - 00005476 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5 2015-09-18 18:08 - 2015-09-18 18:08 - 00004066 _____ C:\WINDOWS\System32\Tasks\HDsGsjbQj5an7sFL 2015-09-18 18:07 - 2015-09-18 19:29 - 00005208 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7.job 2015-09-18 18:07 - 2015-09-18 19:29 - 00004184 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3.job 2015-09-18 18:07 - 2015-09-18 19:29 - 00003164 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7.job 2015-09-18 18:07 - 2015-09-18 19:07 - 00005544 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6.job 2015-09-18 18:07 - 2015-09-18 19:07 - 00002820 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6.job 2015-09-18 18:07 - 2015-09-18 18:25 - 00001006 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-09-18 18:07 - 2015-09-18 18:24 - 00001002 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-09-18 18:07 - 2015-09-18 18:20 - 00003978 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-09-18 18:07 - 2015-09-18 18:19 - 00003742 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-09-18 18:07 - 2015-09-18 18:07 - 00008548 _____ 
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6 2015-09-18 18:07 - 2015-09-18 18:07 - 00008212 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7 2015-09-18 18:07 - 2015-09-18 18:07 - 00007188 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3 2015-09-18 18:07 - 2015-09-18 18:07 - 00006168 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7 2015-09-18 18:07 - 2015-09-18 18:07 - 00005824 _____ C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6 2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Users\Christine\AppData\Local\globalUpdate 2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-09-18 18:07 - 2015-09-18 18:07 - 00000000 ____D C:\Program Files (x86)\e1e64e83-5d44-4a2e-b248-6abc5a869e31 2015-09-18 18:06 - 2015-09-18 19:19 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-09-18 18:06 - 2015-09-18 19:06 - 00002138 _____ C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-10_user.job 2015-09-18 18:06 - 2015-09-18 18:07 - 00000000 ____D C:\Users\Christine\AppData\Local\ZombieNews 2015-09-18 18:06 - 2015-09-18 18:07 - 00000000 ____D C:\ProgramData\vyJRqGIa 2015-09-18 18:06 - 2015-09-18 18:06 - 00000000 ____D C:\ProgramData\ZombieNews 2015-09-18 18:05 - 2015-09-18 18:08 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV18.09 2015-09-18 18:05 - 2015-09-18 18:05 - 00004210 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update 2015-09-18 18:05 - 2015-09-18 18:05 - 00004200 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core 2015-09-18 18:05 - 2015-09-18 18:05 - 00000000 ____D C:\Program Files (x86)\ZombieNews 2015-09-18 18:04 - 2015-09-18 19:35 - 00000000 ____D C:\Users\Christine\AppData\Local\A04B8653-1442599488-5975-A32C-60A44C071572 2015-09-18 18:04 - 2015-09-18 18:05 - 00000000 ____D C:\Program Files (x86)\PhraseProfessor_1.10.0.21 2015-09-18 
18:04 - 2015-09-18 18:04 - 00929953 _____ C:\WINDOWS\unins000.exe 2015-09-18 18:04 - 2015-09-18 18:04 - 00001152 _____ C:\WINDOWS\unins000.dat 2015-09-18 18:04 - 2015-09-18 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2015-09-18 18:04 - 2015-09-18 18:04 - 00000000 ____D C:\Program Files (x86)\ytd 2015-09-18 18:04 - 2015-06-29 21:11 - 08368733 _____ C:\Users\Public\Documents\windows.exe 2015-09-18 18:04 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-09-18 18:03 - 2015-09-18 18:19 - 00000000 ____D C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572 2015-09-18 18:03 - 2015-09-18 18:03 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage 2015-09-18 18:03 - 2015-09-18 18:03 - 00000000 ____D C:\Users\Christine\AppData\Roaming\ASPackage 2015-09-18 18:02 - 2015-09-18 18:09 - 00000008 _____ C:\END 2015-09-18 18:02 - 2015-09-18 18:02 - 00000886 _____ C:\Users\Christine\Desktop\SpaceSoundPro.lnk 2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0 2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files\SpaceSoundPro 2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.2437 2015-09-18 18:02 - 2015-09-18 18:02 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro 2015-09-18 18:01 - 2015-09-18 18:01 - 00443200 _____ (wenjiqiwu) C:\ProgramData\alglcnqmicek.dll 2015-09-18 18:01 - 2015-09-18 18:01 - 00000000 _____ C:\ProgramData\inf.dat BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat [2015-09-18] (Tencent) BHO-x32: 爱奇艺助手 -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (爱奇艺) FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] () FF
Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司) FF Plugin HKU\S-1-5-21-755935381-1260166776-3288764244-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司) FF Plugin HKU\S-1-5-21-755935381-1260166776-3288764244-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) CHR Extension: (电脑管家上网防护) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2015-09-18] CHR Extension: (CinemaPlus-3.2cV18.09) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-09-18] S1 ppfd_vw_1_10_0_21; C:\Windows\System32\drivers\ppfd_vw_1_10_0_21.sys [57744 2015-07-28] (PhraseProfessor) S1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [80184 2015-09-14] (Tencent) S2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys [138040 2015-09-18] (电脑管家) 2015-09-18 18:36 - 2015-09-18 18:38 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-09-18 18:36 - 2015-09-18 18:36 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys 2015-09-18 18:36 - 2015-09-18 18:36 - 00000045 _____ C:\user.js 2015-09-18 18:00 - 2015-09-18 19:00 - 00000472 _____ C:\WINDOWS\Tasks\Adobe Flash box Files Update Ver 2015918.job 2015-09-18 18:00 - 2015-09-18 18:01 - 00000000 ____D C:\ProgramData\4997GameBox_Data 2015-09-18 18:00 - 2015-09-18 18:00 - 00003518 _____ C:\WINDOWS\System32\Tasks\Adobe Flash box Files Update Ver 2015918 2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(918) 2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\Users\Christine\AppData\Local\Unity 2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D 
C:\Users\Christine\AppData\Local\SysassistByHotWheel 2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\ProgramData\uiksdl201591822 2015-09-18 18:00 - 2015-09-18 18:00 - 00000000 ____D C:\ProgramData\adb 2015-09-18 17:59 - 2015-09-18 20:18 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-09-18 17:59 - 2015-09-18 18:00 - 00000000 ____D C:\IQIYI Video 2015-09-18 17:59 - 2015-09-18 17:59 - 00000000 ____D C:\Users\Public\QiYi 2015-09-18 17:59 - 2015-09-18 17:59 - 00000000 ____D C:\Users\Christine\AppData\Roaming\IQIYI Video 2015-09-18 17:58 - 2015-09-18 17:58 - 00000000 ____D C:\Program Files (x86)\baidu 2015-09-18 17:57 - 2015-09-18 18:09 - 00000000 ____D C:\Users\Christine\Desktop\7z ZIP RAR 18.Sep.2015 17-57-00 2015-09-18 00:35 - 2015-09-18 00:35 - 00067416 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\zmi3m2f2ohm1bdl.sys 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ 2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ.exe 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL 2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL.exe 2014-04-19 10:58 - 2014-04-19 10:58 - 0000021 _____ () C:\Users\Christine\AppData\Roaming\my_intel.sys 2013-09-08 12:42 - 2015-09-18 17:40 - 0000401 _____ () C:\Users\Christine\AppData\Roaming\sp_data.sys 2015-09-18 18:01 - 2015-09-18 18:01 - 0443200 _____ (wenjiqiwu) C:\ProgramData\alglcnqmicek.dll 2015-09-18 18:01 - 2015-09-18 18:01 - 0000000 _____ () C:\ProgramData\inf.dat 2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS 
C:\Users\Christine\AppData\Local\Temp\WIZZ\ioproduct_service.bat C:\ProgramData\alglcnqmicek.dll C:\ProgramData\inf.dat C:\ProgramData\SetStretch.VBS CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local 
/f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Error: Restore point can only be created in normal mode. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz170920151519 => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz17092015151964 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\smallbox => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RavTRAY => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\IOPROTECT => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Update => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\rsrunproc => value removed successfully HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HCDNClient => value removed successfully 
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Application => value removed successfully
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1893FD521B79CDAB1CE329917B5C6AAE => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
"HKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
"HKCR\Wow6432Node\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}" => key removed successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk => moved successfully
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => moved successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully
C:\Users\Christine\AppData\Local\SmartWeb\SmartWebHelper.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878}" => key removed successfully
HKCR\CLSID\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
C:\IQIYI Video\LStyle\npclient.dll => moved successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\npQMExtensionsMozilla.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
C:\Program Files (x86)\Rising\RAV\nprising.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2} => value removed successfully
C:\Program Files\shopperz170920151519\Firefox => moved successfully
FF Extension: shopperz170920151519 - C:\Program Files\shopperz170920151519\Firefox [2015-09-18] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2} => value removed successfully
14B0C7EE-1958-4206-8F30-4F58C3C06807 => service removed successfully
csrcc => service removed successfully
dipubibu => service removed successfully
globalUpdate => service removed successfully
globalUpdatem => service removed successfully
gyvixodu => service removed successfully
lehicewu => service removed successfully
ppsvc_1.10.0.21 => service removed successfully
QQPCRTP => Unable to stop service.
QQPCRTP => service removed successfully
RsMgrSvc => service removed successfully
RsRavMon => service removed successfully
shopperz170920151519 Updater => service removed successfully
TAOFrame => service removed successfully
XZobVxbd => service removed successfully
xypyvoge => service removed successfully
rsutils => service removed successfully
sysmon => Unable to stop service.
sysmon => service removed successfully
TAOAccelerator => service removed successfully
TAOKernelDriver => service removed successfully
TFsFlt => service removed successfully
TS888x64 => service removed successfully
TSDefenseBt => service removed successfully
TSSysKit => service removed successfully
C:\rising.ini => moved successfully
C:\RavBin => moved successfully
C:\ProgramData\TXQMPC => moved successfully
C:\WINDOWS\SysWOW64\vpatch.dll => moved successfully
C:\Users\Christine\AppData\Roaming\WB_CFG => moved successfully
C:\WINDOWS\system32\Drivers\sysmon.sys => moved successfully
C:\WINDOWS\system32\Drivers\rsutils.sys => moved successfully
C:\WINDOWS\system32\ravext64.dll => moved successfully
C:\WINDOWS\SysWOW64\ravext.dll => moved successfully
C:\WINDOWS\SysWOW64\bsmain.exe => moved successfully
C:\WINDOWS\system32\Drivers\rsndisp.sys => moved successfully
C:\ProgramData\Rising => moved successfully
C:\Program Files (x86)\Rising => moved successfully
C:\WINDOWS\Tasks\QQBrowser Udpater Task(Core).job => moved successfully
C:\WINDOWS\Tasks\QQBrowser Udpater Task.job => moved successfully
C:\WINDOWS\System32\Tasks\Waaru => moved successfully
C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task => moved successfully
C:\WINDOWS\System32\Tasks\QQBrowser Udpater Task(Core) => moved successfully
C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys => moved successfully
C:\Program Files\Common Files\Tencent => moved successfully
C:\Program Files\shopperz170920151519 => moved successfully
C:\WINDOWS\system32\Drivers\TAOKernel64.sys => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot.
C:\Users\Christine\AppData\Roaming\Tencent => moved successfully
"C:\Program Files (x86)\Tencent" folder move:
Could not move "C:\Program Files (x86)\Tencent" => Scheduled to move on reboot.
"C:\ProgramData\Tencent" folder move:
Could not move "C:\ProgramData\Tencent" => Scheduled to move on reboot.
C:\Users\Christine\AppData\Roaming\AnyProtectEx => moved successfully
C:\Program Files (x86)\AnyProtectEx => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5_user.job => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5.job => moved successfully
C:\WINDOWS\Tasks\gekCi9oBuHwfRAF8tXCYeQ.job => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-5 => moved successfully
C:\WINDOWS\System32\Tasks\gekCi9oBuHwfRAF8tXCYeQ => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7.job => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6.job => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-7 => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-1-6 => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7.job => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6.job => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-6 => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-7 => moved successfully
C:\Program Files (x86)\564d6902-f317-4685-98cb-a4bee8930b2a => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3.job => moved successfully
C:\WINDOWS\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-10_user.job => moved successfully
C:\WINDOWS\System32\Tasks\75079631-40cc-4325-b3b8-8e362ad582a7-3 => moved successfully
C:\Program Files (x86)\CinemaPlus-3.2cV18.09 => moved successfully
C:\Users\Public\Documents\test.txt => moved successfully
C:\WINDOWS\Tasks\MyBrowser.job => moved successfully
C:\Users\Christine\AppData\Local\SmartWeb => moved successfully
C:\WINDOWS\System32\Tasks\MyBrowser => moved successfully
C:\Users\Public\Desktop\MyBrowser.lnk => moved successfully
C:\Users\Christine\AppData\Local\MyBrowser => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser => moved successfully
C:\Program Files (x86)\MyBrowser => moved successfully
C:\WINDOWS\System32\Tasks\Jepenrek => moved successfully
C:\ProgramData\Jepenrek => moved successfully
C:\WINDOWS\Tasks\Crossbrowse.job => moved successfully
C:\WINDOWS\System32\Tasks\Crossbrowse => moved successfully
C:\Users\Public\Desktop\Crossbrowse.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse => moved successfully
C:\Program Files (x86)\Smwyyntm1ndi1zdz => moved successfully
C:\WINDOWS\System32\Tasks\Global Updates AT - zkc3bgfvogi1ytl => moved successfully
C:\WINDOWS\System32\Tasks\Maintenance Service-zkq3t2ftoei1ltl => moved successfully
C:\Users\Christine\AppData\Local\zkq3t2ftoei1ltl => moved successfully
C:\Users\Christine\AppData\Local\zkc3bgfvogi1ytl => moved successfully
C:\Program Files (x86)\Crossbrowse => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5_user.job => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5.job => moved successfully
C:\WINDOWS\Tasks\HDsGsjbQj5an7sFL.job => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-5 => moved successfully
C:\WINDOWS\System32\Tasks\HDsGsjbQj5an7sFL => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7.job => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3.job => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7.job => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6.job => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6.job => moved successfully
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-6 => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-7 => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-3 => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-7 => moved successfully
C:\WINDOWS\System32\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-1-6 => moved successfully
C:\Users\Christine\AppData\Local\globalUpdate => moved successfully
C:\Program Files (x86)\globalUpdate => moved successfully
C:\Program Files (x86)\e1e64e83-5d44-4a2e-b248-6abc5a869e31 => moved successfully
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\WINDOWS\Tasks\9fd7b578-79a8-4120-9970-c89d17e57c9e-10_user.job => moved successfully
C:\Users\Christine\AppData\Local\ZombieNews => moved successfully
C:\ProgramData\vyJRqGIa => moved successfully
C:\ProgramData\ZombieNews => moved successfully
C:\Program Files (x86)\CinemaP-1.9cV18.09 => moved successfully
C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => moved successfully
C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core => moved successfully
C:\Program Files (x86)\ZombieNews => moved successfully
C:\Users\Christine\AppData\Local\A04B8653-1442599488-5975-A32C-60A44C071572 => moved successfully
C:\Program Files (x86)\PhraseProfessor_1.10.0.21 => moved successfully
C:\WINDOWS\unins000.exe => moved successfully
C:\WINDOWS\unins000.dat => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) => moved successfully
C:\Program Files (x86)\ytd => moved successfully
C:\Users\Public\Documents\windows.exe => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
C:\Program Files (x86)\A04B8653-1442613792-5975-A32C-60A44C071572 => moved successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage => moved successfully
C:\Users\Christine\AppData\Roaming\ASPackage => moved successfully
C:\END => moved successfully
C:\Users\Christine\Desktop\SpaceSoundPro.lnk => moved successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0 => moved successfully
C:\Program Files\SpaceSoundPro => moved successfully
C:\Program Files (x86)\SpaceSondPro_v84.2437 => moved successfully
C:\Program Files (x86)\SpaceSondPro => moved successfully
C:\ProgramData\alglcnqmicek.dll => moved successfully
C:\ProgramData\inf.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
C:\IQIYI Video\LStyle\npclient.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll => not found.
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll => not found.
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
C:\Program Files (x86)\Rising\RAV\nprising.dll => not found.
C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm => moved successfully
C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp => moved successfully
ppfd_vw_1_10_0_21 => service removed successfully
QMUdisk => service removed successfully
QQSysMonX64 => service removed successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully
C:\WINDOWS\system32\Drivers\TFsFltX64.sys => moved successfully
C:\user.js => moved successfully
C:\WINDOWS\Tasks\Adobe Flash box Files Update Ver 2015918.job => moved successfully
C:\ProgramData\4997GameBox_Data => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash box Files Update Ver 2015918 => moved successfully
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(918) => moved successfully
C:\Users\Christine\AppData\Local\Unity => moved successfully
C:\Users\Christine\AppData\Local\SysassistByHotWheel => moved successfully
C:\ProgramData\uiksdl201591822 => moved successfully
C:\ProgramData\adb => moved successfully
C:\ProgramData\IQIYI Video => moved successfully
C:\IQIYI Video => moved successfully
C:\Users\Public\QiYi => moved successfully
C:\Users\Christine\AppData\Roaming\IQIYI Video => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\Users\Christine\Desktop\7z ZIP RAR 18.Sep.2015 17-57-00 => moved successfully
C:\WINDOWS\system32\Drivers\zmi3m2f2ohm1bdl.sys => moved successfully
C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ => moved successfully
C:\Users\Christine\AppData\Roaming\gekCi9oBuHwfRAF8tXCYeQ.exe => moved successfully
C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL => moved successfully
C:\Users\Christine\AppData\Roaming\HDsGsjbQj5an7sFL.exe => moved successfully
C:\Users\Christine\AppData\Roaming\my_intel.sys => moved successfully
C:\Users\Christine\AppData\Roaming\sp_data.sys => moved successfully
"C:\ProgramData\alglcnqmicek.dll" => File/Folder not found.
"C:\ProgramData\inf.dat" => File/Folder not found.
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\Christine\AppData\Local\Temp\WIZZ\ioproduct_service.bat => moved successfully
"C:\ProgramData\alglcnqmicek.dll" => File/Folder not found.
"C:\ProgramData\inf.dat" => File/Folder not found.
"C:\ProgramData\SetStretch.VBS" => File/Folder not found.
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-755935381-1260166776-3288764244-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========

========= netsh advfirewall reset =========
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
========= End of CMD: =========

========= ipconfig /flushdns =========
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
========= End of CMD: =========

========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========
There's no user specified settings to be reset.
========= End of CMD: =========

========= ipconfig /release =========
Windows IP Configuration
========= End of CMD: =========

========= ipconfig /renew =========
Windows IP Configuration
========= End of CMD: =========

========= netsh int ipv4 reset =========
There's no user specified settings to be reset.
========= End of CMD: =========

========= netsh int ipv6 reset =========
There's no user specified settings to be reset.
========= End of CMD: =========

========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-19 12:56:09)<=
"C:\WINDOWS\system32\Drivers\cherimoya.sys" => Could not move
C:\Program Files (x86)\Tencent => moved successfully
C:\ProgramData\Tencent => Is moved successfully

==== End of Fixlog 12:56:11 ====