Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Tech support scam pop up constantly

Started by horseshoe , Sep 10 2015 07:12 PM

  • This topic is locked This topic is locked

#1
horseshoe
Posted 10 September 2015 - 07:12 PM

horseshoe

    Member

  • Member
  • PipPipPip
  • 110 posts

Hi,

 

My OS is win 7 and my browser is infected by i think is Adware. Pop up with different messages asking to call toll free numbers to fix the problem. I can't even surf the web whenever i start a new browser the pop up alert shows up and  i have to use task manager to end the  browser constantly. 

Any help is greatly appreciated.

 

 

All the best!

 

 

 


  • 0

Advertisements

#2
zep516
Posted 10 September 2015 - 08:01 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
horseshoe
Posted 11 September 2015 - 02:24 PM

horseshoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Thank you so much for your respond!

 

Below are the scan results:

 

1) FRST 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by John (administrator) on JOHN-PC (11-09-2015 16:20:27)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-21] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-05] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-03-05] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2012-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2012-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-05] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-09-10] (SUPERAntiSpyware)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-05] (Google Inc.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\Run: [i-Shop] => C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe [686080 2015-09-10] ()
HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-03-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\windows\system32\Sendori64.dll No File 
Winsock: Catalog9-x64 02 C:\windows\system32\Sendori64.dll No File 
Winsock: Catalog9-x64 03 C:\windows\system32\Sendori64.dll No File 
Winsock: Catalog9-x64 04 C:\windows\system32\Sendori64.dll No File 
Winsock: Catalog9-x64 16 C:\windows\system32\Sendori64.dll No File 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{170F098F-E077-4ADC-AD0F-7E32FA8F39CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{97A1B9F0-F80C-4C79-926C-BA055F9F83CC}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
URLSearchHook: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {7FFB2E2B-038B-492E-BA02-EF781EA7ECBD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {C0C25CA0-78AB-4FCE-AE7B-8C8512083A11} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS481
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> D:\IQIYI Video\LStyle\Accelerator\IEHelper.dll [2015-08-04] (爱奇艺)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2011-08-11] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qcqqjwwq.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2011-08-11] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @talk.google.com/O1DPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-03-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-10]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-10]
CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-04-24]
CHR HKLM-x32\...\Chrome\Extension: [nllafhekklanfkimibokomlmidmcmaoi] - C:\Users\John\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-09-10] (SUPERAntiSpyware.com)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-09-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 16:20 - 2015-09-11 16:20 - 00025854 _____ C:\Users\John\Desktop\FRST.txt
2015-09-11 16:20 - 2015-09-11 16:20 - 00000000 ____D C:\FRST
2015-09-11 16:19 - 2015-09-11 16:19 - 02190848 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-09-10 22:34 - 2015-09-10 22:34 - 00000336 _____ C:\windows\Tasks\i-Shop Updater.job
2015-09-10 22:27 - 2015-09-10 22:27 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-10 22:27 - 2015-09-10 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-10 22:21 - 2015-09-10 22:21 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2015-09-10 22:21 - 2015-09-10 22:21 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2015-09-10 21:39 - 2015-09-11 16:05 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 21:39 - 2015-09-10 21:39 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-10 21:39 - 2015-09-10 21:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-10 21:39 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-10 21:39 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-10 21:39 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-10 21:34 - 2015-09-10 21:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-10 20:19 - 2015-09-10 20:19 - 00003542 _____ C:\windows\System32\Tasks\i-Shop Updater
2015-09-10 20:19 - 2015-09-10 20:19 - 00000000 ____D C:\Program Files (x86)\ishop
2015-09-10 20:17 - 2015-09-10 20:28 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
2015-09-10 20:14 - 2015-09-10 20:14 - 00242752 _____ C:\Users\John\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-10 19:39 - 2015-09-10 19:39 - 00000000 ____D C:\SUPERDelete
2015-09-10 19:24 - 2015-09-11 16:04 - 00001258 _____ C:\windows\setupact.log
2015-09-10 19:24 - 2015-09-10 19:24 - 00000000 _____ C:\windows\setuperr.log
2015-09-10 18:34 - 2015-09-10 18:34 - 00001363 _____ C:\windows\WindowsUpdate.log
2015-09-03 19:09 - 2015-09-04 17:32 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-08-29 08:25 - 2015-09-11 02:46 - 00219986 _____ C:\windows\PFRO.log
2015-08-19 22:19 - 2015-08-19 22:19 - 00000000 _____ C:\windows\SysWOW64\sho15A3.tmp
2015-08-14 21:50 - 2015-08-14 21:50 - 01546880 _____ C:\Users\John\Downloads\PCKeeper Installer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 16:15 - 2012-10-28 19:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-09-11 16:12 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 16:12 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 16:10 - 2009-07-14 01:13 - 00780196 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-11 16:05 - 2012-03-05 10:49 - 07682781 _____ C:\FaceProv.log
2015-09-11 16:05 - 2012-03-05 10:49 - 00000000 ____D C:\ProgramData\VeriFace
2015-09-11 16:05 - 2012-03-05 10:43 - 00431316 _____ C:\windows\system32\fastboot.set
2015-09-11 16:04 - 2009-07-14 01:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-09-11 16:04 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-11 03:26 - 2012-04-24 20:48 - 00000000 ____D C:\Users\John\AppData\Local\Google
2015-09-11 03:19 - 2012-08-26 17:30 - 00000104 _____ C:\ProgramData\SWAPPINFO.ini
2015-09-10 22:27 - 2012-03-05 10:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-10 22:23 - 2012-10-28 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-10 22:08 - 2013-10-31 22:17 - 00000000 ____D C:\Users\John\AppData\Local\NativeMessaging
2015-09-10 22:08 - 2012-10-28 19:22 - 00000000 ____D C:\windows\SysWOW64\WNLT
2015-09-10 21:50 - 2013-01-30 07:13 - 00000000 ____D C:\windows\SysWOW64\ARFC
2015-09-10 21:32 - 2014-01-28 20:20 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA.job
2015-09-10 21:26 - 2012-03-05 10:56 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 20:17 - 2012-10-28 19:23 - 00000000 ____D C:\Users\John\AppData\Roaming\mozilla
2015-09-10 20:08 - 2015-03-19 18:58 - 00000000 ____D C:\qycache
2015-09-10 20:08 - 2012-03-05 10:56 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 19:54 - 2013-11-16 16:51 - 00000000 ____D C:\Users\John\AppData\Local\WhiteListing
2015-09-10 19:44 - 2014-07-17 14:02 - 00000000 ____D C:\Users\John\AppData\Roaming\PPSGame
2015-09-10 19:44 - 2013-07-14 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
2015-09-10 19:41 - 2012-04-24 20:39 - 00001122 _____ C:\Users\John\Desktop\Cyberlink Power2Go.lnk
2015-09-10 19:29 - 2012-08-22 19:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-09 22:32 - 2014-01-28 20:20 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core.job
2015-09-08 21:58 - 2012-10-03 15:31 - 00000000 ____D C:\Users\John\Documents\Youcam
2015-09-06 07:17 - 2014-07-13 09:41 - 00000000 ____D C:\Users\John\AppData\Roaming\SoftGrid Client
2015-08-30 22:27 - 2014-01-28 20:20 - 00003876 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA
2015-08-30 22:27 - 2014-01-28 20:20 - 00003480 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core
2015-08-29 22:21 - 2012-03-05 10:56 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 22:21 - 2012-03-05 10:56 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 01:42 - 2015-03-17 22:34 - 00001266 _____ C:\Users\John\Desktop\全网影视.lnk
2015-08-28 01:42 - 2014-08-19 20:38 - 00001690 _____ C:\Users\John\Desktop\爱奇艺PPS 影音.lnk
2015-08-28 01:40 - 2014-10-17 15:16 - 00000000 ____D C:\Users\John\AppData\Roaming\ppslog
 
==================== Files in the root of some directories =======
 
2013-07-14 19:09 - 2013-07-14 19:09 - 0000037 _____ () C:\Users\John\AppData\Roaming\psnetwork.ini
2013-10-16 05:01 - 2013-10-16 05:01 - 0001567 _____ () C:\Users\John\AppData\Local\PDLSetup.20131016.050141.txt
2013-10-16 05:06 - 2013-10-16 05:06 - 0001567 _____ () C:\Users\John\AppData\Local\PDLSetup.20131016.050636.txt
2014-02-18 21:52 - 2014-02-18 21:52 - 0001541 _____ () C:\Users\John\AppData\Local\PDLSetup.20140218.205241.txt
2014-04-12 20:19 - 2014-04-14 16:44 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-26 17:30 - 2015-09-11 03:19 - 0000104 _____ () C:\ProgramData\SWAPPINFO.ini
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\p158_B173.exe
C:\Users\John\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\John\AppData\Local\Temp\_B173.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-06 13:54
 
==================== End of FRST.txt ============================
 
 
1) Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by John (2015-09-11 16:20:51)
Running from C:\Users\John\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-25 00:39:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4069971480-3308628135-3138954169-500 - Administrator - Disabled)
Guest (S-1-5-21-4069971480-3308628135-3138954169-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4069971480-3308628135-3138954169-1002 - Limited - Enabled)
John (S-1-5-21-4069971480-3308628135-3138954169-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Citrix Desktop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\store-5c0ec3f7@@Citrix.MPS.Desktop.Farm 1.XD FTL Dedicated:Citrix Desktop $P5254) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
i-Shop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\ishop) (Version:  - ishop)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0083 - Realtek Semiconductor Corp.)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Qlik Sense DemoApps (Version: 1.0.1.0 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\{209cb214-bf13-4fbe-ba78-3cb7ae829cc4}) (Version: 1.0.1.0 - QlikTech International AB)
Qlik Sense Desktop (Version: 1.0.1.0 - QlikTech International AB) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6301 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Sendori (HKLM-x32\...\Sendori) (Version: 2.0.19 - Sendori, Inc.) <==== ATTENTION
Shopping Sidekick (HKLM-x32\...\Shopping Sidekick) (Version: 1.24.151.151 - 215 Apps)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0000 - SRS Labs, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.0 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
小蒙恬 (HKLM-x32\...\{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}) (Version: 7.2 - 蒙恬科技)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 1.5.12.1411 - 爱奇艺)
爱奇艺影音 (HKLM-x32\...\IQIYI Video) (Version:  - 爱奇艺)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
01-08-2015 09:35:51 Scheduled Checkpoint
10-08-2015 13:17:35 Scheduled Checkpoint
30-08-2015 11:53:50 Scheduled Checkpoint
06-09-2015 14:01:23 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {162911A7-2ADD-44A8-A581-E84D09871AA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1BD69E0A-8BD6-4A72-89B7-C566531BE531} - \Cawlez -> No File <==== ATTENTION
Task: {1D873FBC-402C-4C23-BDEE-41A94CBEC2D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2846A99B-BB37-4F9A-9A94-17F068860B1F} - System32\Tasks\i-Shop Updater => Wscript.exe //B "C:\Program Files (x86)\ishop\ishop\1.4.2.4\..\updt.js"
Task: {544556CB-F1AE-47A7-803B-617321294FA3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {5975204B-5414-401F-81A4-D7C5C462B4DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {89ED4089-35F6-4021-A3F2-71DD3E72D8A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {A837A95E-C7B5-44F9-9708-2D3D444FDB97} - System32\Tasks\{4A695FDE-7813-44B5-B286-369FF0F9071B} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {D395164F-864C-42FD-B2AB-43279A9DC7FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E6DF26AC-5426-4EE1-B027-136EEF38AE6E} - System32\Tasks\PPSProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {F7F23992-853B-4C8B-9F1B-C3F08DF8A264} - System32\Tasks\MobProtect => D:\IQIYI Video\LStyle\MobProtect.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069971480-3308628135-3138954169-1001UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\i-Shop Updater.job => Wscript.exe </B C:\Program Files (x86)\ishop\ishop\1.4.2.4\..\updt.js
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-15 13:46 - 2011-09-15 13:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-16 13:56 - 2011-02-16 13:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-16 14:01 - 2011-02-16 14:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2010-12-14 14:05 - 2010-12-14 14:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2011-11-03 01:32 - 2011-09-25 12:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 13:46 - 2011-09-15 13:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 23:20 - 2012-03-05 11:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-03-05 11:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-03-05 10:47 - 2012-03-05 10:47 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-09-10 20:19 - 2015-09-10 20:19 - 00686080 _____ () C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe
2011-02-16 13:51 - 2011-02-16 13:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-16 13:53 - 2011-02-16 13:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-03-05 10:49 - 2012-03-05 10:49 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-10 22:27 - 2015-08-27 20:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^爱奇艺PPS影音.lnk => C:\windows\pss\爱奇艺PPS影音.lnk.Startup
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HCDNClient => "D:\IQIYI Video\Common\HCDNClient.exe" -shell_start
MSCONFIG\startupreg: PPSDynamicDesktop => D:\PPS.tv\PPSGame\PPSDynamicDesktop.exe
MSCONFIG\startupreg: QyKernel => D:\IQIYI Video\Common\QyKernel.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2EC7D9F6-F820-48CD-B39E-A7FBC50BC4D0}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{2D07C1ED-B2C6-4657-B081-A3F17033D925}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D5C94779-D7F8-4CD9-AEE5-C32224C64DA3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CBA3FB37-E4DA-4D94-A052-444D8F9C2CE9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B5817979-361A-4745-8454-770107BC2106}] => (Allow) LPort=2869
FirewallRules: [{B433CD7E-2515-4EB8-A48E-F996ECD89A86}] => (Allow) LPort=1900
FirewallRules: [{7D6269D5-ADAD-4E31-B23A-E64F4C3100F0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7A9D8E52-516D-4A4A-9268-F277C793EC91}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{078772BC-6C80-49C7-952C-445F023BB0A6}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{DDD00466-1FFE-4082-B3D4-4EE2D4D0FFBA}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{790E5BA2-8A75-459B-B554-C616E6EEC58A}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{EF3073BD-AEBB-4823-9C04-EB2AD0EC0956}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{6502A973-BCCC-49DE-91AE-EF9939522800}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{EDEB2CF8-8244-4777-86E3-3E0EAE51ECBB}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{D28AE547-9DB0-4FB2-8D02-3919BF4DE8DF}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{32D917C7-E24B-4CD0-90CC-F0EA2A992576}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{19530CCE-5E04-455F-AE81-053A0665588E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{6A56AB65-B8E4-4F21-BFC9-5BBC0F146333}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{48DAE4AA-03B7-494A-A6DB-445218C577E2}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{9F397930-B848-43A0-8FAF-34AA08900838}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{EEC34A5F-768A-441C-BE36-0611C54010CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D084E6F8-E980-4FAA-8B83-B29A3B375874}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{4DF505A5-57D5-4A4F-A681-3C346FFF4327}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{037BA245-0CF0-4229-AAF6-642C8D1F309F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1C1A5DB8-72CC-422E-9552-EF94E9719722}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{35646F43-CD2B-4BC8-AE21-860443302BA4}] => (Allow) D:\PPS.tv\PPStream\PPStream.exe
FirewallRules: [{95BDDAF8-412A-4B27-B5EB-83251DDE789E}] => (Allow) D:\PPS.tv\PPStream\PPSKernel.exe
FirewallRules: [{03DFA0DF-E5B1-44F6-8D82-898FFDD92966}] => (Allow) D:\PPS.tv\PPStream\PPSProtect.exe
FirewallRules: [{B53B6376-D30E-4D34-A92A-DF70F93B94DF}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{CCD25C93-E555-40CD-B527-92C1B201775D}] => (Allow) D:\PPS.tv\PPSGame\PPSWebClientGame.exe
FirewallRules: [{AFFFBBD7-601C-47D5-AA10-40D2D706ABA7}] => (Allow) D:\PPS.tv\PPSGame\updatermini.exe
FirewallRules: [TCP Query User{13DBBAF6-C38A-48FC-A2B7-9E35DF1B3412}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [UDP Query User{CACD0407-4234-4AB4-8EDF-F84FB2BEDB4A}D:\pps.tv\ppstream\ppskernel.exe] => (Allow) D:\pps.tv\ppstream\ppskernel.exe
FirewallRules: [TCP Query User{7ED125F4-6CC8-4C49-A525-80FA3B9B5ADD}D:\pps.tv\ppstream\ppsprotect.exe] => (Block) D:\pps.tv\ppstream\ppsprotect.exe
FirewallRules: [UDP Query User{A155A042-6785-4BDA-9208-29D4E920F92F}D:\pps.tv\ppstream\ppsprotect.exe] => (Block) D:\pps.tv\ppstream\ppsprotect.exe
FirewallRules: [{52ADFB30-107F-4783-A525-0242E7B20E53}] => (Allow) C:\Users\John\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3E83078F-9D76-40A1-9035-FF60E7D04010}] => (Allow) C:\Users\John\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{319A2879-4D00-4C27-8C84-38F78BAA3589}] => (Allow) D:\PPS.tv\PPSGame\PPSGame.exe
FirewallRules: [{A2FFD172-8F19-4B3C-AB40-972D0B2E34BC}] => (Allow) D:\PPS.tv\PPSGame\PPSWebClientGame.exe
FirewallRules: [{0DB98260-5AF3-4D95-BCFF-0A2A5C212AE6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{1CF48AC2-5351-4C38-9E73-10A3F171CEA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{916189F3-596D-4510-B93B-60E86F334D0D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E2B0D2B-7FD4-4AF0-8E0A-507F4CF44494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{76055F4F-E564-4E66-8BC1-7EC8EA4BCDC5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EC3DE66A-1140-4143-AAC6-1997EF07A5A8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A9E341B6-4A7D-4B63-8A24-9E975E5DC753}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\ppsupdate.exe
FirewallRules: [{F188961D-25F5-47D5-948E-95D235E7B5F0}] => (Allow) D:\PPS.tv\PPStream\\PPStream.exe
FirewallRules: [{8394A33C-13A4-49E8-AB22-50FD6B97EC94}] => (Allow) D:\PPS.tv\PPStream\\PPSKernel.exe
FirewallRules: [{56A49E2A-31F4-4F73-8882-A93E59521982}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{226D3927-8087-4FCC-830E-055F0F8E744E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B4354BE2-29CA-4B87-B299-BC37745A42B1}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{EA280826-B48A-479B-85EF-DD0E28B16EE3}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{E2934432-54A2-4D74-9CED-5CE9F28005B6}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{503C0B9E-F307-470E-AC3F-E68F5B8E9B5F}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{DE6F54C7-528C-4C66-A81B-D0B4C8E718AB}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{CC2612CC-D0B9-43DD-ABC9-3F424513F5AF}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{74F057E4-FE36-45C6-8F36-87A2E2B7A9AC}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3E9C252A-B8D6-42A8-BEAA-E24E8D4CF99A}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{61835DB6-1271-491E-9D8D-080597CC1EFF}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{7DEF0954-41D0-43BF-8F0E-F4CE3E2BA4B0}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{38D4EB5D-55BC-4EA2-94A7-FBB3F7A0D6B3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2A2A9251-4F82-4732-ADBD-39EE252F542C}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{0DAE1329-099C-4760-9DBD-6613BE73729C}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{DAD14BE1-3CA2-4CAE-97CD-0F76F2708886}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{4936B0C3-A9A3-4B56-ACF0-6EC16F2CF92B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{CAF52348-65DF-4EA2-9B2C-7DE6C428B44D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{035041DD-4864-4A6A-8DB1-E77B4BE0C6F7}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{603A148C-FD5B-4789-A1BD-01F060FDC8AE}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D1E93425-3B60-4191-AA71-4772FA1C1B8B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{237252EB-B9D8-4F86-86B5-2F077623BC91}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{834FAC20-BA91-4493-B173-064098CB5E66}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{D222EC50-4A46-4194-8353-88AC9CE331F0}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DA2BEB14-B0CA-48C5-9872-EE325D22F1C3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{48A99A04-1E30-475F-99AE-080FB9CA5EAE}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{D684DF43-41A0-429C-B9E3-3CA65662AAF7}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{91E2B2F0-540D-42AC-9EC4-53EAE625C699}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{8544F0D7-A388-48F4-86F5-AAA55B47465B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B5AE15C4-5412-44F2-ACD3-DB1B49221E34}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AE212C05-F884-439B-B098-113DE2814F53}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{C2F55D6F-4F09-4ED8-B78E-6C40DCAA7E90}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{53A292CC-C722-4F2F-B2C7-BDEADF26184B}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{93F32215-3BF3-4D71-A3EA-D4C9D04FF30D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{F15414FD-3FF0-4A35-AAF9-B4C6C8C9CA49}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F2419724-F656-4B43-B6CB-E8F4B359500D}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2C962BA7-FEB0-4855-AB50-527B08FBF195}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{90CEC9E5-18FF-4B36-B977-84298B6B1825}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{EE49FF0A-425C-4DDC-9F0F-B4C829D754B9}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F6D742CE-A329-4045-A74D-7A5DDCD77B15}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{A16DE384-2FCE-4D60-B9B0-F2BFA9CFD1C6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E738D889-8C82-4979-8BB0-3989ADD33A39}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{C60C37D2-49CA-4BA0-AA77-63F54FDFB331}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{5E88C64C-F581-4191-8553-8BE9B5BF5A42}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{9FEFC855-E653-4053-A6B0-622896438B61}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3B055A12-854B-4BB1-8576-DC1FFB45908C}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{158BBEDE-081D-4CFF-8A28-DC49DD6D5DEF}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{371F4334-7802-468A-BE32-8BD2E30972A8}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{3407005D-634C-4ACA-9F4B-CD2E4910F60A}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{D5D36159-F5F8-4464-9335-5C649A6C5714}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{E03A3963-8DE7-4BCB-A623-2DDA5B212AC6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{EA8D27D3-A57E-45AD-93BE-2BA5640F4409}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D5482564-CD8C-435F-9058-05EE960F9895}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{8305D90C-4C04-4614-A703-CD108551FAC3}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{924C4C6C-2A8C-4FB4-884F-A7F7E4D14B89}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{8E68B901-2942-4D71-A3ED-BF49BBA116CD}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{14BE879B-4C6E-4E03-A2D0-243417F6FAFC}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{ED79B114-280E-4C06-9C55-4D5A882E61E8}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{881AD044-8A21-4914-B5C4-C32401072DEE}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{6B10520C-8A13-4C8F-9987-5A938A9AB9E1}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{75A72C1E-E3BF-4819-A461-E0E8E3D3CCE5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7063F544-BF96-44B5-ACF5-FE6DB604763F}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{1F1D670C-F523-4B1B-BCBA-80A5C0E7E354}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{41DEB2AA-A3E1-4B03-AA47-7EABA370353F}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2B7086FD-895A-47C3-86C8-7F9937629F68}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F0EDC8CA-0EFA-43E9-8D6A-823DCB12AD2B}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{7129A4A5-2B15-4890-A39C-DBEDB2CF1028}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{CA89DC6D-9DB9-426A-837D-7A4B57857523}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2AE8DDFB-3AD3-4A04-A5EC-A41F0F58DACD}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{1668C448-7C1F-4C34-8B80-4C30FEA82669}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{13B6892F-0DD0-47AD-9120-1AA4BEE4F94B}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{FD65B8FE-17D0-4236-A28F-0E79BDE1119F}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{4C916655-174F-4DED-8B54-C799AE799B11}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2EE16ED5-B1B6-4AEC-9818-A8A71F45746D}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AC073315-C4DC-49CA-B974-0A039D0B8EA8}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{485E71C0-27F0-490B-AC16-C55D8318E11D}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{45D28550-D153-4D29-8563-10BD8F0518B1}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{AA253A7D-052F-4E8F-8B0F-7B9E4C159E19}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{AD4DD67C-6FDA-4727-A62E-3F25407D253E}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{150EA85A-E85C-4DB8-B16C-C80878A0376A}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{1396FA10-CBEE-4F5F-AFDB-829F926F39DE}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{A7E49067-FAFC-4A8D-8237-3B6AD8D59123}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{78ABF01D-2925-4FCF-9E3E-2CBD843B6C5F}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{A22CF6B2-4E35-4DA8-B605-881E8ACD3005}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{2858C158-63C7-4E72-9E75-2D8152F13DEF}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{77CF38C4-36F6-4DC9-B51C-46D441618560}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{24405332-07FC-408D-8E0E-BD32B535A8E6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{F59B6F2A-FF2C-4C81-994C-7A60674600C9}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DFB336E8-C20B-474A-B209-F694094FAB9D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{05F995FF-6C34-4357-9E07-45C2E40D3AD5}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{CC783157-0E7F-4CAB-AE61-EE10C91A2803}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{C65EF9BF-B2D4-481E-81F1-21D86842CE05}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{D1B2A2C5-E379-4A03-B98F-891ECDE159A6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7F83F693-22A6-4CB7-B3BC-80ABEDD77A67}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{4A7D8807-2BEC-47A5-9EAC-CA608776CCEA}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{2403F6E0-2A57-425C-AECC-FB21A0F7ED9C}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{DAE8114F-2F5C-4C24-AEE5-238216084B94}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{53E80E42-1A4E-478A-A7FD-803C5A4DB555}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{9FC63176-62D7-4DF9-AD15-3CB11A513ADD}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{56C2309B-BC2F-4003-A209-A5B7999F2AA6}] => (Allow) C:\Users\John\AppData\Roaming\PPStream\QyUpdate.exe
FirewallRules: [{FBA73724-2098-4BDD-9B1F-47842AEC9960}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{C0FA35E4-01AF-4C93-B089-EA05879979EA}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{B16E443C-13B4-44A7-9285-685F4D444864}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{87FDCB3E-69FA-42CB-AEB7-F8884701AF0F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{4676017F-9044-474E-852A-FD1D9A4DA364}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E903CD47-2DD3-4228-8476-E865C8C20FC0}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{820AD292-55EA-4859-AD7A-D8DD6785C293}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{55692520-A9BC-41C2-ADC3-753027AA0268}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{2F7975EA-83AF-4BA4-AF44-1DC2AD3A3BDD}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{43457AE7-C298-4366-A141-73FCD10C5BE4}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0F5F066E-997A-42B3-A897-3F83A705B4F7}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{0996FDFB-0FA0-4DF0-A208-A7D6DB07A410}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{363972CC-D0D5-4CA3-97A4-BB375084E104}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{C37BFC1E-8EAB-4E4F-BDD6-C07163175775}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{98760E0D-30E6-47DB-BBD1-E2CAFC7BE1BE}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{DDB667BC-64D4-4E1B-904A-B73A409613B0}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{CF9DAF48-74BA-4C66-8F78-0E914D889C53}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{25664998-9FA6-4A8B-8AF3-B0EBA5BE8232}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{A0F58A62-B1EA-4ACD-B7C3-03B6590BD6B8}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{B8046E98-8E43-4AAC-946E-415663E1FC85}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{9DFD8732-C901-40AD-91FF-C96359D5B40C}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3AEBA203-F34F-473C-A45F-D566A2AD4DE7}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{99E4D4B5-7BDC-41AB-AF11-0674D4158F8E}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A04758F9-2DDB-493C-8BD7-0F6B5CE6BCF2}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{AAD2114F-67ED-494B-8749-1E5ED233AA83}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{86BBBEDA-89CD-44C4-9BBC-81DA4DDAFBC1}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{E922AEF0-1706-466A-9FD0-036583A52A2E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{1AF6413B-0E66-4492-94CB-6C6923835A62}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{9E4B3072-8FD4-4F87-953B-36C24061397D}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{B1C1D295-33DB-401B-BD56-20C42345359F}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{3932321D-B459-47AB-BACF-0FC3D8F67075}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{727DEBE1-F8C7-48D7-A5E0-D0EF0CCF0D7F}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{D49D0052-6CB1-4E22-86C8-FB0FAE85A561}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{000BE1C0-1673-44AD-8BD4-D4F86FED3DA9}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{85D08086-7572-485C-9FC6-1A4F30275103}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{1B57F466-0157-4A78-94A8-390C592F3314}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{3B95E759-11CB-47BD-AF0C-0CB5D58A17F4}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{4168771A-A85D-4279-AC4D-6C72AE792D82}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{A3E189D2-1DB6-4A11-8D31-8F5996C5A844}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{7C304374-E465-426B-997D-4B6E599729B6}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{C3BCC41B-599B-41E1-87D9-55B6C6EB8D79}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{58060540-AD83-46AE-A26F-D35E596D775D}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{5B740099-D281-41C2-B7D5-C3EDA97F2AF2}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{89F82812-15F3-4F8C-849A-47E9F5A00E5A}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{42EF8361-BA49-4F6A-92B4-A018EC1FC42E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{B541ABFD-1098-48FA-8195-2BD99214318E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{674D0FE1-3697-43B3-AB1F-CC77B104C0B4}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8C9EB44B-0343-46DF-A5E6-20AF8B1F8CF3}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{81C7909A-0C6E-415C-ABA0-3ADA17431684}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{79F128D5-B8CF-47F5-894A-585E380DA7E6}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [{9C522A48-DED9-43B8-92E9-F0FDFC4BFA59}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{ED75B20B-1AC8-4444-895D-D5E566BB6856}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{8CF9EABF-978A-451D-83EB-57959E47E7B2}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{BF244DFE-C2BA-435F-ACC1-1CF24C9FA173}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{AA84BEA5-772C-4CB2-AD5C-1800426B5CD3}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{6C422165-BF7B-4B07-BC1F-E42071FC86E1}] => (Allow) D:\IQIYI Video\LStyle\MobProtect.exe
FirewallRules: [TCP Query User{E965922E-B76C-40B4-A3AD-B5AD409855F7}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{96418A2E-0C81-40F2-8E74-75D100264ACE}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [{54887585-D538-4783-916D-35918A0E66A6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{BB3E0874-942C-40B3-BADC-3320B1ED004E}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{888C2C80-401C-43BD-A354-1D4AB784D558}C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\john\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [{FF0A7CF6-693F-4E9A-943D-0608CB773718}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{6F9A393B-AA84-4911-8C37-A9C8CC2FDEE2}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{00745610-8EA2-4C5A-A6F1-5F3B08ABDFD9}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8F547FB2-120F-4624-B674-151B2776C42A}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{87955361-CFC6-4BD7-836D-588BA96B6B64}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{4963C7F1-7B65-4C31-B563-D239F6713E22}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{343BD42A-54CA-4EB8-8020-D5F519C18FBA}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{7786E097-ED51-40D7-93F9-21C4E2610A07}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{83AEFDF8-B97F-4C6A-8575-72AD7A49D05F}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7F15C5F2-3674-47E1-88A5-078B24D98E87}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8B67CC9E-D74E-4625-9657-39D64164DEAC}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{AAA81385-286C-42A4-B331-D01748BF3345}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{91C9A7E0-FFB2-4F40-B587-00CB45199F27}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C1B72161-42C3-41F2-84BB-34D671115846}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{1EB16FEC-53A3-4F11-A4BB-FB98989C98F3}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{C5488953-B319-4521-BC19-CF6FAAD202C5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{165AD64E-0BE6-4B53-AFB5-E0257C9DDF4A}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{897BB750-C528-42B0-A579-6BAB07A588F5}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{48FD5F8C-086A-4780-A581-15DC321E7820}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{5C634982-20AF-425A-B0AA-0616230AFD21}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{0A9C4696-85B2-42AE-8E88-B86A1883A6C0}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D55130F2-1A21-4E15-8C04-3B1FDCA8BB91}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{61B7B01C-38F3-47A4-B5A4-3BD1F51B887C}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3D0BD9B2-1EF1-437B-A47C-BF70DCD21EB7}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{C193FB26-8691-4129-805C-51BEE3E10541}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{B80555C2-9B31-448C-AD43-0292DAFFC38D}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{D2434ED4-7203-4E58-8005-CE61D4A0CE95}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{686BFADA-AA80-4D49-B697-93078FFF7355}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{E717C7C8-D8CA-47BA-873C-8C03374473CD}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{97553BD5-A992-4EF9-BA55-ADC938C6251C}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{B1501D85-9D2C-4037-98B1-DC227171F825}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{DCB99D09-9AEF-43BF-AF1F-D7A8FFA12ED0}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{3AC4DB11-B512-457A-9D60-199FF386D473}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{0BF6E69B-5AA9-4F16-8239-D0C7CB6E75D7}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{A2E3050C-17A5-44BA-939E-49B8D24D71E6}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{315944B2-FCC2-417A-B3FD-99D0321AEC4B}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3BBEA215-1CE1-4F6E-8336-A0E52DFB81E7}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{D1BA8A8A-E1E3-40B1-A200-BBDADE2526BA}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{B14B6BEE-09DD-4610-B216-79FE6429CB65}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{84391036-FB83-46DF-B24E-BF166B4D2662}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{5429C4E0-583E-43C7-9397-963791405432}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{31F87FAB-FDAF-4C84-9D14-055C08769FCF}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{9277EFBF-3108-45D3-BF8E-97E920C40D2F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{89C90EDA-F6D6-4F28-889E-CD826E654BA3}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2FEF9E80-BBF6-4E98-9291-929E1E1EFB79}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{EB4C5E36-F897-40D0-B6C9-02333229B9B7}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{91B93E8E-2B28-4081-920B-0234B7632C7D}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{B38E4BF1-E06E-4BD2-AA24-7D604963EB01}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{93B0C419-6A95-46C1-A170-DB50C78D4DDF}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D847A683-9B02-401A-888E-D4A5A182A8BE}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{AEE8384D-7C0C-4B67-9107-DC635162480D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F2F7A583-0BEE-434E-9329-6E6D1F40D9A5}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{F4F05C39-890A-456D-882E-2B274E20E78A}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{C8A0BE83-21E7-497B-BEF6-0B66498FA2A0}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{45A9D279-35A3-47D1-9898-736245C2A6F4}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{39CACAAD-E5B9-4EEF-BA58-964F9F99195B}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A08BA0E0-EBD6-4A95-8E8C-6060C6F88465}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{28A5857A-7020-43DD-9E81-B96426EA6C44}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{5FFE77DE-8280-4E72-8C62-CBC1925EBFDD}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{03150517-6528-453F-9993-88154F79A55D}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{45F7BDDE-AB15-4A4F-8956-84665C063515}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{D501765F-49D0-4917-A48E-EFE510EA137D}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{DDD4F073-570A-4A81-ADB9-68703DC7CCEE}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{CAD55706-A491-4592-8DE7-0873B2B27158}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{BB4CEDDA-F467-402C-B520-4C787F200682}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{357B45AF-A107-428E-A4EA-0A705EDB5E5F}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{9FE8D019-5C4A-4180-ADB2-87B5CC6FF530}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{529329C9-FCEE-4B3E-9E36-94A933F20C33}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{DCBFBC40-512D-4DB4-931F-722F21484268}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{41A8C103-BE63-4112-8EAF-766ED1BCAAD1}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{08CD902C-EC01-4BF6-921B-50ED835E548E}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{A6EC8B64-4A29-4891-9852-04C035DBBE91}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E3FADE66-D5CA-4042-AA9C-5509919E690E}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{1C01AB2F-C1B2-4974-B433-7631CB7B8FBC}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{6F0F10EC-A3AD-4B2A-8CA7-000535DE5B83}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{927FE9EB-BE45-4E0B-B5A8-389F98087287}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{D9E6B762-D6D3-4E54-AFC8-190A02CFC05D}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{9C1FDFAD-039C-4A2B-AAB6-CD0BD841EA59}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{9B777EA2-0F10-4D8F-A2A3-B32F808069EF}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{7AD636D6-5C8A-48BA-9634-8B54FE3BAE80}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{84674CEE-CD8F-4131-87A1-D2010C128901}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{350FCAD8-FEA0-4A04-8EA6-0F626B554177}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{E1EBE0D3-169F-4CCB-AB3F-B7DE4C945E32}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{359702FF-14BD-4C57-B0EC-B5234D214A71}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{267F256C-7BBE-4B46-AD79-8248037C329D}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{04FC491D-12DC-4DF4-87EA-8F0451074D6E}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F7BF3B96-3A8E-4EAF-A30E-53C88E96FE30}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{EA4138D2-8C1F-4447-9646-4FBB481CFD0E}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{A600B8B6-7C57-40C6-9BFF-128A43598E6C}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{A2DC0E9D-CF98-4ECD-8EA6-22384C16D87A}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C7034E21-9173-4148-AC11-8C58FEED2EF9}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{05E832F0-AB71-4393-AEF4-B6F17AE85C6A}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [UDP Query User{05C22438-C1B9-4C67-99BE-0254A9FF1ED6}D:\iqiyi video\lstyle\mobprotect.exe] => (Block) D:\iqiyi video\lstyle\mobprotect.exe
FirewallRules: [{770E7CF2-D677-4F38-8494-79DFEC2F2D1A}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{440AB4A9-B221-4F22-A84B-67D4C6425CD5}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F46B5498-D455-466D-B3C7-E3D0F2B08444}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{81F37FEA-9FC2-4811-BD2B-C1F0ABF74C74}] => (Allow) D:\IQIYI Video\LStyle\GeePlayer.exe
FirewallRules: [{B72502FE-54C4-457B-95A6-5D53C205EFE9}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{58067095-87BB-47C8-94B4-F4A59A4CB949}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{00B92FD7-8A92-4A68-A6EE-701CEFBD13DA}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{AA74ACB3-14AA-4C87-B4CF-9D338A8452A5}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{BECFA074-41DC-4804-A9B5-0123D6C3FFEB}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{559D8F79-E19A-4551-995A-2AB13B7CB785}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{3ADEE506-69EC-4502-86F8-5E44D2F4CEE9}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{4441E2D6-850A-4817-8BC3-D7C22BF4ACA2}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8238BC37-2487-43B1-96AC-D157A9A5CF47}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{FB4DA647-B1BC-42CB-A3D1-CD9BD965FD04}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{1FE93857-7709-4280-B731-08A7A01A187E}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{D1D92B4E-6E4C-4F37-B734-63790BF0C1C3}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{77B51056-B2BB-4506-A9A3-DAA521562C92}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{AAD9D627-057E-4A4B-9741-D1396B845389}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{2B9ABD60-4577-4104-A7E3-E2EBB2D43815}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{945288B9-DA7E-405C-9A76-2379ED92873B}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{C98DD76D-A24E-466C-B48F-D386CACBD764}] => (Allow) D:\IQIYI Video\Common\HCDNClient.exe
FirewallRules: [{3332FECE-86F2-4A81-87A9-F02670402796}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{C1994233-9ED9-41E2-9C92-8C52688B41B3}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A1BA0C02-2DA7-4C90-A5D5-00E48CBB1D6F}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{87AC920B-4ABD-426C-BB57-A087B78D188D}] => (Allow) D:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{CF2A045A-0AB5-4973-A8E6-16AE63325077}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{29FF5434-8F06-46B5-B257-4D0CEF51DEBD}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E7623A0D-7032-44E4-A635-2CC569CAA811}] => (Allow) D:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{96082AB6-D534-4DE0-B116-B288756F7AE8}] => (Allow) D:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{24D7F765-FB7E-49C6-BB79-5DF0DD8958E9}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{DA32121D-C82A-441B-9EB4-36534304ED84}] => (Allow) C:\Users\John\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{4254E157-1AAE-4C94-8ACB-5046AB1B111D}] => (Allow) D:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{618DD568-8D91-4ABF-A1D2-C3996A9AD691}] => (Allow) D:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{E185A419-1D56-4240-9EBB-F482616DA29C}] => (Allow) D:\IQIYI Video\LStyle\QyMiniPlayer.exe
FirewallRules: [{BE8F4DDE-5BC9-4609-A002-A4795ABCE61E}] => (Allow) D:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{A0D0C524-4806-4B6E-8FD3-3FE1AAA3160A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2015 04:16:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (09/11/2015 04:04:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 04:04:37 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (09/11/2015 03:42:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 03:41:37 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (09/11/2015 02:59:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (09/11/2015 02:47:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 02:47:04 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (09/10/2015 10:25:54 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (09/10/2015 10:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/11/2015 04:21:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:21:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (09/11/2015 04:20:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8096.58 MB
Available physical RAM: 5457.58 MB
Total Virtual: 16191.34 MB
Available Virtual: 13395.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:420.33 GB) (Free:362.76 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.48 GB) (Free:27.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F3F6059F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End of Addition.txt ============================

  • 0

#4
zep516
Posted 11 September 2015 - 06:18 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Programs to remove from you programs uninstall list, right click on the program listed and choose uninstall, if a program will not uninstall skip it and keep following directions.
  • Sendori
  • Shopping Sidekick

    Next

    -->A few items to fix using frst64.
  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the contents of the code box below into Notepad.
    start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File 
Task: {1BD69E0A-8BD6-4A72-89B7-C566531BE531} - \Cawlez -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
FF Plugin: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
horseshoe
Posted 14 September 2015 - 08:49 PM

horseshoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Below are the log:

1) Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by John (2015-09-14 18:36:20) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File 
Task: {1BD69E0A-8BD6-4A72-89B7-C566531BE531} - \Cawlez -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
FF Plugin: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-4069971480-3308628135-3138954169-1001: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
BcmSqlStartupSvc => service removed successfully
CLKMSVC10_3A60B698 => service removed successfully
CLKMSVC10_C3B3B687 => service removed successfully
DriverService => service removed successfully
IAStorDataMgrSvc => service removed successfully
iATAgentService => service removed successfully
idealife Update Service => service removed successfully
IGRS => service removed successfully
IviRegMgr => service removed successfully
nvUpdatusService => service removed successfully
Oasis2Service => service removed successfully
PCCarerService => service removed successfully
ReadyComm.DirectRouter => service removed successfully
RichVideo => service removed successfully
RtLedService => service removed successfully
SeaPort => service removed successfully
SoftwareService => service removed successfully
SQLWriter => service removed successfully
Stereo Service => service removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BD69E0A-8BD6-4A72-89B7-C566531BE531}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BD69E0A-8BD6-4A72-89B7-C566531BE531}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cawlez => key not found. 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully
"HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pps.tv/npWebPlayer" => key removed successfully
"HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\MozillaPlugins\@pps.tv/npWebPlayer" => key removed successfully
D:\IQIYI Video\LStyle\npWebPlayer.dll => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x80080005
Server execution failed
 
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 639.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 18:37:21 ====
 
 
2) AdwCleaner log
# AdwCleaner v5.007 - Logfile created 14/09/2015 at 22:06:42
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\QiYi
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\C82C374F9D6C68040000C82B6F296D43
[-] Folder Deleted : C:\Users\John\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\John\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\John\AppData\Local\WhiteListing
[-] Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\John\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\windows\Sysnative\ARFC
[-] Folder Deleted : C:\windows\Sysnative\ljkb
[-] Folder Deleted : C:\windows\SysWOW64\ARFC
[-] Folder Deleted : C:\windows\SysWOW64\WNLT
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\John\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\???PPS??.LNK
[-] File Deleted : C:\windows\Sysnative\ImhxxpComm.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\Classes\keepmysearch
[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Cr_Installer
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\incredibar
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\QyGameClient
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[!] Key Not Deleted : HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Key Deleted : HKLM\SOFTWARE\WNLT
[-] Key Deleted : HKLM\SOFTWARE\Fighters
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\Cr_Installer
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\incredibar
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\QyGameClient
[!] Key Not Deleted : HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\Software\AppDataLow\Software\Conduit
 
***** [ Web browsers ] *****
 
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10998 bytes] ##########
 
 
3) JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by John on Mon 09/14/2015 at 22:19:47.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\windows\system32\tasks\MobProtect
Successfully deleted: [Task] C:\windows\system32\tasks\PPSProtect
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022502258}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022502258}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\SysWOW64\sho15A3.tmp
Successfully deleted: [File] C:\windows\SysWOW64\sho2666.tmp
Successfully deleted: [File] C:\windows\SysWOW64\sho471E.tmp
Successfully deleted: [File] C:\windows\SysWOW64\sho4E6E.tmp
Successfully deleted: [File] C:\windows\SysWOW64\shoA739.tmp
Successfully deleted: [File] C:\windows\SysWOW64\shoD5E6.tmp
Successfully deleted: [File] C:\windows\SysWOW64\shoFB6E.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\John\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\John\AppData\Roaming\ppslog
Successfully deleted: [Folder] C:\Users\Public\qiyi
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
 
 
 
~~~ Chrome
 
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/14/2015 at 22:22:48.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Thanks!
 

  • 0

#6
zep516
Posted 15 September 2015 - 06:29 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.
Thanks
Joe :)
  • 0

#7
horseshoe
Posted 15 September 2015 - 08:07 PM

horseshoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi Joe,

 

Below is the MBAM scan result.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/15/2015
Scan Time: 9:34 PM
Logfile: mbanScan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.16.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354011
Time Elapsed: 19 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe, 3912, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71]
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishopup.exe, 5204, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Montiera, HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ishop, Quarantined, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.KeepMySearch, HKU\S-1-5-21-4069971480-3308628135-3138954169-1001_Classes\keepmysearch, Quarantined, [1c759f91454653e38a37049955af9f61], 
 
Registry Values: 1
PUP.Optional.Montiera, HKU\S-1-5-21-4069971480-3308628135-3138954169-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|i-Shop, C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe, Quarantined, [fe93ec44434845f194157b514fb58f71]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71], 
 
Files: 8
PUP.Optional.PastaLeads, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Delete-on-Reboot, [7f12f7394a41da5c87a5f5b53fc546ba], 
PUP.Optional.PastaLeads, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Delete-on-Reboot, [dbb6b080107b51e55ece6c3e5fa5728e], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\app.ini, Quarantined, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishop.exe, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\ishopup.exe, Delete-on-Reboot, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\kcbocfc4.dll, Quarantined, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\1.4.2.4\res.dll, Quarantined, [fe93ec44434845f194157b514fb58f71], 
PUP.Optional.Montiera, C:\Program Files (x86)\ishop\ishop\updt.js, Quarantined, [fe93ec44434845f194157b514fb58f71], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Thanks!

  • 0

#8
zep516
Posted 15 September 2015 - 08:38 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

What issues remain and in what browser do they occur in ?

Thanks
Joe :)
  • 0

#9
horseshoe
Posted 17 September 2015 - 08:00 PM

horseshoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi Joe,

 

 

I used IE, Firefox and Chrome and all these browsers had the same issue.

Now I don't see any unwanted pop up any more.

 

Thank you very very much for your help and time!

 

Best regards,

 

Amy


  • 0

#10
zep516
Posted 17 September 2015 - 08:07 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome.

One last detail to do, defix Will remove all tools we downloaded and log files created.

Please follow through, then we close the topic.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#11
horseshoe
Posted 20 September 2015 - 07:42 PM

horseshoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi Joe,

 

Sorry for the delay, I was out of town with limited access to my computer. below is the scan result. Thanks!

 

# DelFix v1.011 - Logfile created 20/09/2015 at 21:37:22
# Updated 18/08/2015 by Xplode
# Username : John - JOHN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\John\Desktop\Addition.txt
Deleted : C:\Users\John\Desktop\adwcleaner_5.007.exe
Deleted : C:\Users\John\Desktop\Fixlog.txt
Deleted : C:\Users\John\Desktop\FRST.txt
Deleted : C:\Users\John\Desktop\FRST64.exe
Deleted : C:\Users\John\Desktop\JRT.txt
Deleted : C:\Users\John\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #213 [Scheduled Checkpoint | 08/10/2015 17:17:35]
Deleted : RP #214 [Scheduled Checkpoint | 08/30/2015 15:53:50]
Deleted : RP #215 [Scheduled Checkpoint | 09/06/2015 18:01:23]
Deleted : RP #217 [Restore Point Created by FRST | 09/14/2015 22:36:24]
Deleted : RP #218 [JRT Pre-Junkware Removal | 09/15/2015 02:19:50]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#12
zep516
Posted 20 September 2015 - 07:57 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Very good! We will close the topic now.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP