Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by Alex (2015-08-05 13:52:48) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll (?????)
CustomCLSID: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll (?????)
CustomCLSID: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll (?????)
CustomCLSID: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Alex\AppData\Local\Temp\DBE8\temp\_mp4hentai__Xpress_Train_-_01_uncen.exe ()
CustomCLSID: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll (?????)
C:\IQIYI Video Task: {0C5AD787-6310-4964-AA62-9A07ED531145} - System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-5_user => C:\Program Files\CinemaPlus-3.2cV17.07\65b1263e-e246-43e3-bf46-21dd1ae42b63-5.exe <==== ATTENTION Task: {116CFB13-97FB-42D8-90F4-B7C837941460} - System32\Tasks\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-6 => C:\Program Files\CinemaPlus-3.2cV02.06\337fb1ed-f59b-4815-8de7-a0b476c310ca-6.exe <==== ATTENTION Task: {15F72CA7-88CC-407B-B1C3-782161B803DA} - System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-3 => C:\Program Files\CinemaPlus-3.2cV26.07\60361efe-6fea-4d98-864b-9930a4c4dfc4-3.exe <==== ATTENTION Task: {18C672B1-C3DC-446D-9070-43E25E532E7D} - System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-5_user => C:\Program Files\CinemaPlus-3.2cV26.07\60361efe-6fea-4d98-864b-9930a4c4dfc4-5.exe <==== ATTENTION Task: {1D4B2C7D-DF82-4733-8719-3ACE2572928F} - System32\Tasks\vKj2JFxHqfv9WOGtUya => C:\Users\Alex\AppData\Roaming\vKj2JFxHqfv9WOGtUya.exe <==== ATTENTION Task: {212D48E4-C298-4AF0-9FE9-C5C7EAF3D911} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6.exe <==== ATTENTION Task: {3687B27E-9BD9-4C08-8601-58AC50F45B00} - System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-1-6 => C:\Program Files\CinemaPlus-3.2cV06.07\d131932d-2bfb-4f57-94fc-116f683bacae-1-6.exe <==== ATTENTION Task: {389D93F7-B2AA-4A23-A411-9CAD41635E80} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-6 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-6.exe <==== ATTENTION Task: {44BB6A88-519B-416A-8A71-22D73D75007D} - System32\Tasks\{4568873B-B6AC-429C-A271-F397F6F36772} => pcalua.exe -a C:\Users\Alex\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi Task: {4527E12E-B199-4323-843D-F287AF8FE350} - System32\Tasks\temp_60361efe-6fea-4d98-864b-9930a4c4dfc4-10_user => C:\Program 
Files\CinemaPlus-3.2cV26.07\60361efe-6fea-4d98-864b-9930a4c4dfc4-10.exe <==== ATTENTION Task: {5332EE0B-4583-4BDF-9BE0-7ECE88513F12} - System32\Tasks\temp_51515474-c5d1-462f-906c-9d2743e452f1-10_user => C:\Program Files\CinemaPlus-4.2vV03.07\51515474-c5d1-462f-906c-9d2743e452f1-10.exe <==== ATTENTION Task: {54A799C9-0B93-4FAA-8015-E792A195C566} - System32\Tasks\temp_51515474-c5d1-462f-906c-9d2743e452f1-1-6 => C:\Program Files\CinemaPlus-4.2vV03.07\51515474-c5d1-462f-906c-9d2743e452f1-1-6.exe <==== ATTENTION Task: {55C37305-7F4F-4DA8-98E4-0CB75880A050} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES\RISING\RAV\rsdelaylauncher.exe [2014-05-15] (Beijing Rising Information Technology Co., Ltd.) Task: {56D3AC46-C95A-4631-85CB-E2D0EF292650} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5_user => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5.exe <==== ATTENTION Task: {57B588F8-D837-44E5-8796-8BF32FB8FE03} - System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-5 => C:\Program Files\CinemaPlus-3.2cV17.07\65b1263e-e246-43e3-bf46-21dd1ae42b63-5.exe <==== ATTENTION Task: {5DE3752D-827B-4F49-8743-D1E937547BE1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION Task: {6116FF07-EE30-401A-B1D2-84235B0BDE17} - System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-6 => C:\Program Files\CinemaPlus-3.2cV06.07\d131932d-2bfb-4f57-94fc-116f683bacae-6.exe <==== ATTENTION Task: {7619C814-76BD-422D-BE0D-884FB54958B3} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION Task: {78ED8342-617E-452E-9494-FC60B9B7373B} - System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-1-7 => C:\Program Files\CinemaPlus-3.2cV06.07\d131932d-2bfb-4f57-94fc-116f683bacae-1-7.exe <==== ATTENTION Task: {7966E7A1-0D33-4392-A6B7-F252B207E23D} - System32\Tasks\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-1-6 => 
C:\Program Files\CinemaPlus-3.2cV02.06\337fb1ed-f59b-4815-8de7-a0b476c310ca-1-6.exe <==== ATTENTION Task: {7A24EF2D-0668-40A5-B880-149E9B6114BD} - System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-10_user => C:\Program Files\CinemaPlus-3.2cV06.07\d131932d-2bfb-4f57-94fc-116f683bacae-10.exe <==== ATTENTION Task: {8237BCEE-23C9-4AC0-A390-A095AE805B9E} - System32\Tasks\X82FxyOAlfq82FaPhMv => C:\Users\Alex\AppData\Roaming\X82FxyOAlfq82FaPhMv.exe [2015-04-20] () <==== ATTENTION Task: {93E88428-3A04-48AC-8B7F-C98100C15300} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{c52147f3-0b53-8214-c521-147f30b51fcc}\_mp4hentai__xpress_train_-_01_uncen.exe <==== ATTENTION Task: {969CEF98-A85A-4F3B-A11A-BA8755387B84} - System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-5_user => C:\Program Files\CinemaPlus-3.2cV06.07\d131932d-2bfb-4f57-94fc-116f683bacae-5.exe <==== ATTENTION Task: {9A3CBD60-3012-47B7-8B69-9294641CAAD1} - System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-1-6 => C:\Program Files\CinemaPlus-3.2cV26.07\60361efe-6fea-4d98-864b-9930a4c4dfc4-1-6.exe <==== ATTENTION Task: {9CBA5ABC-E905-4DFB-8287-9D70CFE38375} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-10_user => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-10.exe <==== ATTENTION Task: {9F578E4C-647E-4623-BC6C-3CA908835E17} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{2f8a2b62-bee9-309f-2f8a-a2b62beead8a}\hqghumeaylnlf.exe <==== ATTENTION Task: {A0F2CB5D-F701-4159-98FA-70D218020436} - System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-1-6 => C:\Program Files\CinemaPlus-3.2cV17.07\65b1263e-e246-43e3-bf46-21dd1ae42b63-1-6.exe <==== ATTENTION Task: {AE770A31-69A5-46EB-9E7F-06D2A6D8AC09} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-7 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-7.exe <==== ATTENTION Task: {CD8F0AE4-FA7A-43F5-95A5-E1D1D171F46A} - 
System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-7 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-7.exe <==== ATTENTION Task: {DE925C0A-9AF7-401A-BC7A-33679051EE95} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION Task: {EC9F0473-0F49-4557-8EE6-35E82FA60BC9} - System32\Tasks\temp_f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6.exe <==== ATTENTION Task: {EEE33474-BDAA-40D7-903E-806959CBF39E} - System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-6 => C:\Program Files\CinemaPlus-3.2cV17.07\65b1263e-e246-43e3-bf46-21dd1ae42b63-6.exe <==== ATTENTION Task: {F209F725-51CB-4022-B07F-D0080C8A05F3} - System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5 => C:\Program Files\CinemaPlus-3.2cV29.07\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5.exe <==== ATTENTION Task: {F4AF0E7E-6517-421D-AE8A-A64C10741B9E} - System32\Tasks\GoogleUpdateTaskMachineUA1d09a038b4810b3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.) 
Task: {FF4DAA8E-F16E-4E24-8F10-16E11B1B9FEE} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Alex\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{2f8a2b62-bee9-309f-2f8a-a2b62beead8a}\hqghumeaylnlf.exe <==== ATTENTION Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{c52147f3-0b53-8214-c521-147f30b51fcc}\_mp4hentai__xpress_train_-_01_uncen.exe <==== ATTENTION Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION C:\Program Files\globalUpdate Task: C:\Windows\Tasks\vKj2JFxHqfv9WOGtUya.job => C:\Users\Alex\AppData\Roaming\vKj2JFxHqfv9WOGtUya.exe <==== ATTENTION Task: C:\Windows\Tasks\X82FxyOAlfq82FaPhMv.job => C:\Users\Alex\AppData\Roaming\X82FxyOAlfq82FaPhMv.exe <==== ATTENTION C:\Users\Alex\AppData\Roaming\X82FxyOAlfq82FaPhMv.exe C:\Users\Alex\AppData\Roaming\vKj2JFxHqfv9WOGtUya.exe C:\Program Files\Crossbrowse c:\programdata\{c52147f3-0b53-8214-c521-147f30b51fcc} c:\programdata\{2f8a2b62-bee9-309f-2f8a-a2b62beead8a} C:\Users\Alex\AppData\Local\SmartWeb C:\Program Files\CinemaPlus-3.2cV29.07 C:\PROGRAM FILES\RISING C:\Users\Alex\AppData\Roaming\mystartsearch C:\ProgramData\iWinManProi C:\Program Files\MiuiTab C:\Program Files\baidu HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.) 
HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\...\Run: [GoogleChromeAutoLaunch_3281FCF30DCFA21CFEF4D2ECFEF8608D] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\...\Run: [apphide] => C:\Program Files\baidu\baidu.exe [69632 2015-07-22] () HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\...\Run: [HCDNClient] => C:\IQIYI Video\Common\QyKernel.exe [576104 2015-05-12] (iQIYI.COM) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...98388105_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...M3DXXXX9QM22M3D HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms} HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...98388105_hao_pg HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...M3DXXXX9QM22M3D HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKU\S-1-5-21-3050552178-2778190213-2786081387-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: 
HKU\S-1-5-21-3050552178-2778190213-2786081387-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} BHO: Rising Web Helper -> {14A5E567-034B-471A-89D8-598A6A93B24B} -> C:\Program Files\Rising\RAV\rsscrbho.dll [2012-11-13] (Beijing Rising Information Technology Co., Ltd.) BHO: °®ĆćŇŐÖúĘÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (???) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartse...M3DXXXX9QM22M3D FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] () FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (?????) FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\npQMExtensionsMozilla.dll [2015-08-04] (Tencent Technology (Shenzhen) Company Limited) FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File FF Plugin HKU\S-1-5-21-3050552178-2778190213-2786081387-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (?????) FF Plugin HKU\S-1-5-21-3050552178-2778190213-2786081387-1000: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) 
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system) R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCRTP.exe [297608 2015-08-04] (Tencent) C:\Program Files\Tencent R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [179992 2014-09-02] (Beijing Rising Information Technology Co., Ltd.) R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.) R3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TAOFrame.exe [293728 2015-08-04] (Tencent) R2 WindowsMangerProtect; C:\ProgramData\iWinManProi\ProtectWindowsManager.exe [708264 2015-08-01] (DTools LIMITED) <==== ATTENTION R2 copofute; C:\Program Files\00000000-1433171668-0000-0000-1C6F6547AC60\knsr96FA.tmp [X] R2 fivyzipo; C:\Users\Alex\AppData\Roaming\00000000-1433171668-0000-0000-1C6F6547AC60\hnsgA1ED.tmp [X] S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATTENTION S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION S2 tyvozyno; C:\Users\Alex\AppData\Roaming\00000000-1433171668-0000-0000-1C6F6547AC60\jnsb8CC6.tmp [X] C:\Users\Alex\AppData\Roaming\00000000-1433171668-0000-0000-1C6F6547AC60 C:\Program Files\00000000-1433171668-0000-0000-1C6F6547AC60 R1 kguard; C:\Windows\System32\DRIVERS\kguard.sys [68376 2014-05-14] (Beijing Rising Information Technology Co., Ltd.) R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMIEProtect.sys [49080 2015-08-04] () R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMUdisk.sys [60600 2015-08-04] (Tencent) S1 QQPCHelper; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCHelper.sys [22360 2015-08-04] (Tencent) R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQSysMon.sys [108344 2015-08-04] (????) R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.) 
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [58664 2014-08-15] (Beijing Rising Information Technology Co., Ltd.) R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [156144 2014-09-10] (Beijing Rising Information Technology Co., Ltd.) R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [77016 2015-08-04] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2015-08-04] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [149944 2015-08-04] (????) R3 TS888; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TS888.sys [30392 2015-08-04] (Tencent) R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\tscpm.sys [43448 2015-08-04] (????) R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2015-08-04] (Tencent) R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128120 2015-08-04] (????) R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSKsp.sys [204312 2015-08-04] (????) R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSSysKit.sys [101560 2015-08-04] (????) S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X] S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X] C:\Windows\system32\Drivers\TS888.sys 2015-08-04 10:37 - 2015-08-04 10:37 - 00000000 ____D C:\ProgramData\TXQMPC 2015-08-04 10:09 - 2015-08-04 10:09 - 00000132 __RSH C:\rising.ini 2015-08-04 10:09 - 2015-08-04 10:09 - 00000122 _____ C:\Windows\system32\BsMain.ini 2015-08-04 10:09 - 2015-08-04 10:09 - 00000000 ___RD C:\RavBin 2015-08-04 10:09 - 2014-09-10 08:11 - 00156144 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys 2015-08-04 10:09 - 2014-08-15 03:22 - 00058664 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys 2015-08-04 10:09 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\system32\vpatch.dll 2015-08-04 10:09 - 2014-05-14 04:02 - 00068376 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\kguard.sys 2015-08-04 10:09 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext.dll 2015-08-04 10:09 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\bsmain.exe 2015-08-04 10:09 - 2012-02-29 09:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys 2015-08-04 10:08 - 2015-08-04 10:09 - 00000000 ____D C:\ProgramData\Rising 2015-08-04 10:08 - 2015-08-04 10:08 - 00000000 ____D C:\Program Files\Rising 2015-08-04 10:08 - 2014-05-28 09:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\protreg.sys 2015-08-04 10:07 - 2015-08-04 10:06 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys 2015-08-04 10:07 - 2015-08-04 10:06 - 00077016 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys 2015-08-04 10:07 - 2015-08-04 10:06 - 00014008 _____ (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys 2015-08-04 10:06 - 2015-08-04 10:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Tencent 2015-08-04 10:06 - 2015-08-04 10:51 - 00000000 ____D C:\ProgramData\Tencent 2015-08-04 10:06 - 2015-08-04 10:07 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-08-04 10:06 - 2015-08-04 10:06 - 00149944 _____ (????) C:\Windows\system32\Drivers\TFsFlt.sys 2015-08-04 10:06 - 2015-08-04 10:06 - 00128120 _____ (????) C:\Windows\system32\Drivers\TsFltMgr.sys 2015-08-04 10:06 - 2015-08-04 10:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? 
2015-08-04 10:06 - 2015-08-04 10:06 - 00000000 ____D C:\Program Files\Tencent 2015-08-04 09:35 - 2015-08-04 09:35 - 00000000 ____D C:\Users\Alex\AppData\Local\SysassistByHotWheel 2015-08-04 09:34 - 2015-08-04 11:07 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity 2015-08-04 09:33 - 2015-08-04 11:07 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-08-04 09:33 - 2015-08-04 11:03 - 00000000 ____D C:\Users\Alex\AppData\Roaming\IQIYI Video 2015-08-04 09:33 - 2015-08-04 11:02 - 00000000 ____D C:\IQIYI Video 2015-08-04 09:33 - 2015-08-04 09:33 - 00000000 ____D C:\Users\Public\QiYi C:\ProgramData\6WinManPro6 Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}" => key removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}" => key removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}" => key removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => key removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}" => key removed successfully. "C:\IQIYI Video" folder move: Could not move "C:\IQIYI Video" => Scheduled to move on reboot. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C5AD787-6310-4964-AA62-9A07ED531145}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C5AD787-6310-4964-AA62-9A07ED531145}" => key removed successfully. 
C:\Windows\System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-5_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\65b1263e-e246-43e3-bf46-21dd1ae42b63-5_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{116CFB13-97FB-42D8-90F4-B7C837941460}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{116CFB13-97FB-42D8-90F4-B7C837941460}" => key removed successfully. C:\Windows\System32\Tasks\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15F72CA7-88CC-407B-B1C3-782161B803DA}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15F72CA7-88CC-407B-B1C3-782161B803DA}" => key removed successfully. C:\Windows\System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-3 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\60361efe-6fea-4d98-864b-9930a4c4dfc4-3" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18C672B1-C3DC-446D-9070-43E25E532E7D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C672B1-C3DC-446D-9070-43E25E532E7D}" => key removed successfully. C:\Windows\System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-5_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\60361efe-6fea-4d98-864b-9930a4c4dfc4-5_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D4B2C7D-DF82-4733-8719-3ACE2572928F}" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D4B2C7D-DF82-4733-8719-3ACE2572928F}" => key removed successfully. C:\Windows\System32\Tasks\vKj2JFxHqfv9WOGtUya => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vKj2JFxHqfv9WOGtUya" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{212D48E4-C298-4AF0-9FE9-C5C7EAF3D911}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{212D48E4-C298-4AF0-9FE9-C5C7EAF3D911}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3687B27E-9BD9-4C08-8601-58AC50F45B00}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3687B27E-9BD9-4C08-8601-58AC50F45B00}" => key removed successfully. C:\Windows\System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d131932d-2bfb-4f57-94fc-116f683bacae-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{389D93F7-B2AA-4A23-A411-9CAD41635E80}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{389D93F7-B2AA-4A23-A411-9CAD41635E80}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-6" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44BB6A88-519B-416A-8A71-22D73D75007D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44BB6A88-519B-416A-8A71-22D73D75007D}" => key removed successfully. C:\Windows\System32\Tasks\{4568873B-B6AC-429C-A271-F397F6F36772} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4568873B-B6AC-429C-A271-F397F6F36772}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4527E12E-B199-4323-843D-F287AF8FE350}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4527E12E-B199-4323-843D-F287AF8FE350}" => key removed successfully. C:\Windows\System32\Tasks\temp_60361efe-6fea-4d98-864b-9930a4c4dfc4-10_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_60361efe-6fea-4d98-864b-9930a4c4dfc4-10_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5332EE0B-4583-4BDF-9BE0-7ECE88513F12}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5332EE0B-4583-4BDF-9BE0-7ECE88513F12}" => key removed successfully. C:\Windows\System32\Tasks\temp_51515474-c5d1-462f-906c-9d2743e452f1-10_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_51515474-c5d1-462f-906c-9d2743e452f1-10_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54A799C9-0B93-4FAA-8015-E792A195C566}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54A799C9-0B93-4FAA-8015-E792A195C566}" => key removed successfully. C:\Windows\System32\Tasks\temp_51515474-c5d1-462f-906c-9d2743e452f1-1-6 => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_51515474-c5d1-462f-906c-9d2743e452f1-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55C37305-7F4F-4DA8-98E4-0CB75880A050}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55C37305-7F4F-4DA8-98E4-0CB75880A050}" => key removed successfully. C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56D3AC46-C95A-4631-85CB-E2D0EF292650}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56D3AC46-C95A-4631-85CB-E2D0EF292650}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57B588F8-D837-44E5-8796-8BF32FB8FE03}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57B588F8-D837-44E5-8796-8BF32FB8FE03}" => key removed successfully. C:\Windows\System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-5 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\65b1263e-e246-43e3-bf46-21dd1ae42b63-5" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE3752D-827B-4F49-8743-D1E937547BE1}" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE3752D-827B-4F49-8743-D1E937547BE1}" => key removed successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6116FF07-EE30-401A-B1D2-84235B0BDE17}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6116FF07-EE30-401A-B1D2-84235B0BDE17}" => key removed successfully. C:\Windows\System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d131932d-2bfb-4f57-94fc-116f683bacae-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7619C814-76BD-422D-BE0D-884FB54958B3}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7619C814-76BD-422D-BE0D-884FB54958B3}" => key removed successfully. C:\Windows\System32\Tasks\Crossbrowse => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78ED8342-617E-452E-9494-FC60B9B7373B}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78ED8342-617E-452E-9494-FC60B9B7373B}" => key removed successfully. C:\Windows\System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-1-7 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d131932d-2bfb-4f57-94fc-116f683bacae-1-7" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7966E7A1-0D33-4392-A6B7-F252B207E23D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7966E7A1-0D33-4392-A6B7-F252B207E23D}" => key removed successfully. C:\Windows\System32\Tasks\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_337fb1ed-f59b-4815-8de7-a0b476c310ca-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A24EF2D-0668-40A5-B880-149E9B6114BD}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A24EF2D-0668-40A5-B880-149E9B6114BD}" => key removed successfully. C:\Windows\System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-10_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d131932d-2bfb-4f57-94fc-116f683bacae-10_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8237BCEE-23C9-4AC0-A390-A095AE805B9E}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8237BCEE-23C9-4AC0-A390-A095AE805B9E}" => key removed successfully. C:\Windows\System32\Tasks\X82FxyOAlfq82FaPhMv => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\X82FxyOAlfq82FaPhMv" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E88428-3A04-48AC-8B7F-C98100C15300}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E88428-3A04-48AC-8B7F-C98100C15300}" => key removed successfully. C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b]" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{969CEF98-A85A-4F3B-A11A-BA8755387B84}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{969CEF98-A85A-4F3B-A11A-BA8755387B84}" => key removed successfully. C:\Windows\System32\Tasks\d131932d-2bfb-4f57-94fc-116f683bacae-5_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d131932d-2bfb-4f57-94fc-116f683bacae-5_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A3CBD60-3012-47B7-8B69-9294641CAAD1}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A3CBD60-3012-47B7-8B69-9294641CAAD1}" => key removed successfully. C:\Windows\System32\Tasks\60361efe-6fea-4d98-864b-9930a4c4dfc4-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\60361efe-6fea-4d98-864b-9930a4c4dfc4-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBA5ABC-E905-4DFB-8287-9D70CFE38375}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBA5ABC-E905-4DFB-8287-9D70CFE38375}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-10_user => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-10_user" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F578E4C-647E-4623-BC6C-3CA908835E17}" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F578E4C-647E-4623-BC6C-3CA908835E17}" => key removed successfully. C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0F2CB5D-F701-4159-98FA-70D218020436}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F2CB5D-F701-4159-98FA-70D218020436}" => key removed successfully. C:\Windows\System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\65b1263e-e246-43e3-bf46-21dd1ae42b63-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE770A31-69A5-46EB-9E7F-06D2A6D8AC09}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE770A31-69A5-46EB-9E7F-06D2A6D8AC09}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-7 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-7" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD8F0AE4-FA7A-43F5-95A5-E1D1D171F46A}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD8F0AE4-FA7A-43F5-95A5-E1D1D171F46A}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-7 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-7" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE925C0A-9AF7-401A-BC7A-33679051EE95}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE925C0A-9AF7-401A-BC7A-33679051EE95}" => key removed successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9F0473-0F49-4557-8EE6-35E82FA60BC9}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9F0473-0F49-4557-8EE6-35E82FA60BC9}" => key removed successfully. C:\Windows\System32\Tasks\temp_f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEE33474-BDAA-40D7-903E-806959CBF39E}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE33474-BDAA-40D7-903E-806959CBF39E}" => key removed successfully. C:\Windows\System32\Tasks\65b1263e-e246-43e3-bf46-21dd1ae42b63-6 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\65b1263e-e246-43e3-bf46-21dd1ae42b63-6" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F209F725-51CB-4022-B07F-D0080C8A05F3}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F209F725-51CB-4022-B07F-D0080C8A05F3}" => key removed successfully. C:\Windows\System32\Tasks\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5 => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f706a8f7-287f-4a40-893c-ca55c01ea0aa-5" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4AF0E7E-6517-421D-AE8A-A64C10741B9E}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4AF0E7E-6517-421D-AE8A-A64C10741B9E}" => key removed successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09a038b4810b3 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d09a038b4810b3" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF4DAA8E-F16E-4E24-8F10-16E11B1B9FEE}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4DAA8E-F16E-4E24-8F10-16E11B1B9FEE}" => key removed successfully. C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully. C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => moved successfully. C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => moved successfully. C:\Windows\Tasks\Crossbrowse.job => moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully. "C:\Program Files\globalUpdate" => File/Folder not found. C:\Windows\Tasks\vKj2JFxHqfv9WOGtUya.job => moved successfully. C:\Windows\Tasks\X82FxyOAlfq82FaPhMv.job => moved successfully. C:\Users\Alex\AppData\Roaming\X82FxyOAlfq82FaPhMv.exe => moved successfully. "C:\Users\Alex\AppData\Roaming\vKj2JFxHqfv9WOGtUya.exe" => File/Folder not found. "C:\Program Files\Crossbrowse" => File/Folder not found. 
"c:\programdata\{c52147f3-0b53-8214-c521-147f30b51fcc}" => File/Folder not found. "c:\programdata\{2f8a2b62-bee9-309f-2f8a-a2b62beead8a}" => File/Folder not found. C:\Users\Alex\AppData\Local\SmartWeb => moved successfully. "C:\Program Files\CinemaPlus-3.2cV29.07" => File/Folder not found. "C:\PROGRAM FILES\RISING" folder move: Could not move "C:\PROGRAM FILES\RISING" => Scheduled to move on reboot. "C:\Users\Alex\AppData\Roaming\mystartsearch" => File/Folder not found. C:\ProgramData\iWinManProi => moved successfully. C:\Program Files\MiuiTab => moved successfully. C:\Program Files\baidu => moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RavTRAY => value could not remove. HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3281FCF30DCFA21CFEF4D2ECFEF8608D => value removed successfully. HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully. HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HCDNClient => value removed successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value. 
HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14A5E567-034B-471A-89D8-598A6A93B24B}" => key removed successfully. "HKCR\CLSID\{14A5E567-034B-471A-89D8-598A6A93B24B}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}" => key removed successfully. "HKCR\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}" => key removed successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully "HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully. C:\IQIYI Video\LStyle\npclient.dll => moved successfully. "HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully. C:\IQIYI Video\LStyle\npWebPlayer.dll => moved successfully. "HKLM\Software\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully. 
Could not move "C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\npQMExtensionsMozilla.dll" => Scheduled to move on reboot. "HKLM\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully. Could not move "C:\Program Files\Rising\RAV\nprising.dll" => Scheduled to move on reboot. "HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully. "HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully. C:\IQIYI Video\LStyle\npWebPlayer.dll not found. "HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully. Could not move "C:\Program Files\Rising\RAV\nprising.dll" => Scheduled to move on reboot. IHProtect Service => Service stopped successfully. IHProtect Service => service removed successfully. QQPCRTP => Unable to stop service. QQPCRTP => service could not remove "C:\Program Files\Tencent" folder move: Could not move "C:\Program Files\Tencent" => Scheduled to move on reboot. RsMgrSvc => Service stopped successfully. RsMgrSvc => service removed successfully. RsRavMon => Unable to stop service. RsRavMon => service could not remove TAOFrame => Service stopped successfully. TAOFrame => service removed successfully. WindowsMangerProtect => Service stopped successfully. WindowsMangerProtect => service removed successfully. copofute => service removed successfully. fivyzipo => Service stopped successfully. fivyzipo => service removed successfully. globalUpdate => service removed successfully. globalUpdatem => service removed successfully. tyvozyno => service removed successfully. C:\Users\Alex\AppData\Roaming\00000000-1433171668-0000-0000-1C6F6547AC60 => moved successfully. C:\Program Files\00000000-1433171668-0000-0000-1C6F6547AC60 => moved successfully. 
kguard => Unable to stop service. kguard => service removed successfully. QMIEProtect => Service stopped successfully. QMIEProtect => service removed successfully. QMUdisk => Unable to stop service. QMUdisk => service removed successfully. QQPCHelper => service removed successfully. QQSysMon => Unable to stop service. QQSysMon => service could not remove rsdsys => Service stopped successfully. rsdsys => service removed successfully. rsutils => Unable to stop service. rsutils => service removed successfully. sysmon => Unable to stop service. sysmon => service could not remove TAOAccelerator => Service stopped successfully. TAOAccelerator => service removed successfully. TAOKernelDriver => Unable to stop service. TAOKernelDriver => service removed successfully. TFsFlt => Unable to stop service. TFsFlt => service could not remove TS888 => Service stopped successfully. TS888 => service removed successfully. TSCPM => Unable to stop service. TSCPM => service removed successfully. TSDefenseBt => Service stopped successfully. TSDefenseBt => service could not remove TsFltMgr => Unable to stop service. TsFltMgr => service could not remove TSKSP => Unable to stop service. TSKSP => service could not remove TSSysKit => Unable to stop service. TSSysKit => service could not remove innfd_1_10_0_14 => service removed successfully. wsafd_1_10_0_19 => service removed successfully. C:\Windows\system32\Drivers\TS888.sys => moved successfully. C:\ProgramData\TXQMPC => moved successfully. C:\rising.ini => moved successfully. Could not move "C:\Windows\system32\BsMain.ini" => Scheduled to move on reboot. "C:\RavBin" folder move: Could not move "C:\RavBin" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\sysmon.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\rsutils.sys" => Scheduled to move on reboot. C:\Windows\system32\vpatch.dll => moved successfully. 
Could not move "C:\Windows\system32\Drivers\kguard.sys" => Scheduled to move on reboot. C:\Windows\system32\ravext.dll => moved successfully. Could not move "C:\Windows\system32\bsmain.exe" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\rsndisp.sys" => Scheduled to move on reboot. "C:\ProgramData\Rising" folder move: Could not move "C:\ProgramData\Rising" => Scheduled to move on reboot. "C:\Program Files\Rising" folder move: Could not move "C:\Program Files\Rising" => Scheduled to move on reboot. C:\Windows\system32\Drivers\protreg.sys => moved successfully. C:\Windows\system32\Drivers\TAOKernel.sys => moved successfully. C:\Windows\system32\Drivers\TAOAccelerator.sys => moved successfully. Could not move "C:\Windows\system32\Drivers\TSDefenseBt.sys" => Scheduled to move on reboot. "C:\Users\Alex\AppData\Roaming\Tencent" folder move: Could not move "C:\Users\Alex\AppData\Roaming\Tencent" => Scheduled to move on reboot. "C:\ProgramData\Tencent" folder move: Could not move "C:\ProgramData\Tencent" => Scheduled to move on reboot. "C:\Program Files\Common Files\Tencent" folder move: Could not move "C:\Program Files\Common Files\Tencent" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\TFsFlt.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\TsFltMgr.sys" => Scheduled to move on reboot. "C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move: Could not move "C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Scheduled to move on reboot. "C:\Program Files\Tencent" folder move: Could not move "C:\Program Files\Tencent" => Scheduled to move on reboot. C:\Users\Alex\AppData\Local\SysassistByHotWheel => moved successfully. C:\Users\Alex\AppData\Local\Unity => moved successfully. C:\ProgramData\IQIYI Video => moved successfully. C:\Users\Alex\AppData\Roaming\IQIYI Video => moved successfully. 
"C:\IQIYI Video" folder move: Could not move "C:\IQIYI Video" => Scheduled to move on reboot. C:\Users\Public\QiYi => moved successfully. C:\ProgramData\6WinManPro6 => moved successfully. ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => 6.2 GB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-05 14:44:06)<= C:\IQIYI Video => moved successfully C:\PROGRAM FILES\RISING => moved successfully "C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\npQMExtensionsMozilla.dll" => Could not move C:\Program Files\Rising\RAV\nprising.dll => is moved successfully C:\Program Files\Rising\RAV\nprising.dll => is moved successfully "C:\Program Files\Tencent" => Could not move C:\Windows\system32\BsMain.ini => moved successfully C:\RavBin => moved successfully C:\Windows\system32\Drivers\sysmon.sys => moved successfully C:\Windows\system32\Drivers\rsutils.sys => moved successfully C:\Windows\system32\Drivers\kguard.sys => moved successfully C:\Windows\system32\bsmain.exe => moved successfully C:\Windows\system32\Drivers\rsndisp.sys => moved successfully C:\ProgramData\Rising => moved successfully C:\Program Files\Rising => is moved successfully "C:\Windows\system32\Drivers\TSDefenseBt.sys" => Could not move C:\Users\Alex\AppData\Roaming\Tencent => moved successfully "C:\ProgramData\Tencent" => Could not move "C:\Program Files\Common Files\Tencent" => Could not move "C:\Windows\system32\Drivers\TFsFlt.sys" => Could not move "C:\Windows\system32\Drivers\TsFltMgr.sys" => Could not move 
"C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Could not move "C:\Program Files\Tencent" => Could not move C:\IQIYI Video => is moved successfully ==== End of Fixlog 14:44:24 ====