CreateRestorePoint:
(FileProperties_CompanyName) C:\Program Files (x86)\help4u\help4u_notification_service.exe
C:\Program Files (x86)\help4u\
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [TornTv Downloader] => C:\Users\Rifandi\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [Only-search] => C:\Users\Rifandi\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
Startup: C:\Users\Rifandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-10-30]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Rifandi\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AtCtAzz0CyCyCyB0E0D0EtN0D0Tzu0SyByCyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1961462397&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AtCtAzz0CyCyCyB0E0D0EtN0D0Tzu0SyByCyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1961462397&ir=
SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B6BD2ED05A138C66&affID=129300&tsp=5416
SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll [2014-02-04] (MySearchDial)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll [2014-02-04] (MySearchDial)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF SearchPlugin: C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\searchplugins\MyOnlineSearch.xml [2014-10-30]
FF SearchPlugin: C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\searchplugins\onlysearchkms.xml [2014-10-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml [2014-03-22]
CHR Extension: (YYTBoOkMark) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjboicapmacdaecgldenkpdcdkkifgc [2014-02-04]
CHR Extension: (gREatSaveer) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefifkdlbdfmnhdkbagencoidhfjcich [2014-02-04]
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\ZNZUJ1KC.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\YB8FRRCJ.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\X1ZWBCHI.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\W04V9Y20.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\R5UVZL04.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\ICJKVJ4B.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\9GOV2WKR.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\39Y7K2I0.exe
2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\31XFGLPK.exe
2015-09-10 15:19 - 2015-09-10 15:19 - 01415680 _____ (wj32) C:\Program Files\AET6IA57.exe
2015-09-10 15:05 - 2015-09-10 15:05 - 01415680 _____ (wj32) C:\Program Files\TUYNETRG.exe
2015-09-03 11:16 - 2015-09-03 11:16 - 01415680 _____ (wj32) C:\Program Files\O6YOYI62.exe
2015-09-03 11:16 - 2015-09-03 11:16 - 01415680 _____ (wj32) C:\Program Files\B3T3NBZJ.exe
2015-09-03 09:54 - 2015-09-03 09:54 - 01415680 _____ (wj32) C:\Program Files\J5PP7DXH.exe
2015-08-30 23:33 - 2015-08-30 23:33 - 01415680 _____ (wj32) C:\Program Files\9TAOZDU8.exe
2015-08-30 23:32 - 2015-08-30 23:32 - 01415680 _____ (wj32) C:\Program Files\2WKICE8A.exe
2015-09-19 04:03 - 2015-04-06 23:03 - 00001302 _____ C:\Windows\Tasks\help4u_notification_service.job
2015-09-19 04:03 - 2015-04-06 23:03 - 00000664 _____ C:\Windows\Tasks\help4u_updating_service.job
2014-11-18 16:11 - 2014-11-18 16:11 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{28B07EFD-C22E-4EAF-BB9A-886224995B4E}
2014-11-22 20:25 - 2014-11-22 20:25 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{918915E7-62D3-4955-BD85-3C711153C0F0}
2014-11-21 17:59 - 2014-11-21 17:59 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{DE111176-0A34-4308-8E0C-5FC04B4A97A7}
2013-08-22 10:56 - 2013-08-22 10:56 - 68792320 ___SH () C:\ProgramData\msctqoijn.exe
Task: {2AAB2F86-2217-46D4-8004-88F4A8F9C72E} - System32\Tasks\help4u_notification_service => C:\Program Files (x86)\help4u\help4u_notification_service.exe [2015-04-06] (FileProperties_CompanyName) <==== ATTENTION
Task: {A1EEE3CA-8222-464D-BD7C-0E48D2C118DF} - System32\Tasks\help4u_updating_service => C:\Program Files (x86)\help4u\help4u_updating_service.exe [2015-04-06] () <==== ATTENTION
Task: {C5EA213E-BFBF-436F-B6B2-DF62BD727E8A} - System32\Tasks\EPUpdater => C:\Users\Rifandi\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: C:\Windows\Tasks\64b5c250-015d-48b5-b157-300a8e3bfe82.job => C:\Program Files (x86)\SavePass 1.1\64b5c250-015d-48b5-b157-300a8e3bfe82.exe <==== ATTENTION
Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-1.job => C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-11.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-2.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5_user.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6f17427-280e-44d4-88bc-561c1fe0d308.job => C:\Program Files (x86)\SavePass 1.1\c6f17427-280e-44d4-88bc-561c1fe0d308.exeȘ/agentregpath='SavePass 1.1' /appid=63429 /srcid='001504' /subid='0' /zdata='0' /bic=2827820446154BECB360AC217BBD185EIE /verifier=a2bd8b9c017cd558c9844388bde7f117 /installerversion=1_35_09_03 /installationtime=1410537375 /statsdomain=http:/stats.newclientgenservice.com /errorsdomain=http:/errors.newclientgenservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newclientgenservice.com <==== ATTENTION
Task: C:\Windows\Tasks\help4u_notification_service.job => C:\Program Files (x86)\help4u\help4u_notification_service.exeǢ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='help4u' /appid='73143' /srcid='2913' /bic='3c4f7bfbe922fc9e30d0f7a9a7b1bbad' /verifier='1d6ae977715d5d15586c376a4be34ff3' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\Windows\Tasks\help4u_updating_service.job => C:\Program Files (x86)\help4u\help4u_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=help4u_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
FirewallRules: [TCP Query User{6E87AF5C-8E18-490A-A9A5-1C8E3CC9623F}C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{4DE8BECB-1C50-478D-A1DD-6450237F7C27}C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe
EmptyTemp: