Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01 Ran by sylwester at 2015-05-07 10:57:57 Run:3 Running from C:\Users\sylwester\Downloads Loaded Profiles: sylwester (Available profiles: sylwester) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: (Microsoft Corporation) C:\Windows\explorer.exe S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-24] () R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys [62264 2015-04-17] (Tencent) R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRtp.exe [297608 2015-05-05] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQSysMonX64.sys [127800 2015-05-05] (电脑管家) R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-05-05] (Tencent) S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TAOFrame.exe [293728 2015-05-05] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-05-05] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-05-05] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TS888x64.sys [28984 2015-05-06] (Tencent) R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\tscpm64.sys [42296 2015-05-05] (电脑管家) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TsDefenseBT64.sys [28472 2015-05-05] (Tencent) R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-05-05] (电脑管家) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TSSysKit64.sys [87352 2015-05-05] (电脑管家) S2 lydeteku; C:\Users\sylwester\AppData\Roaming\1F97B14F-1430815727-E411-B2A0-F0761C0D1586\nsfEC0E.tmp [X] HKU\S-1-5-21-2770005542-1391010283-3734432884-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [65536 2015-04-06] () 
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMGCShellExt64.dll [2015-04-07] (Tencent) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421788717&from=cor&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H5653H5653 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91932766_hao_pg HKU\S-1-5-21-2770005542-1391010283-3734432884-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91932766_hao_pg BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TSWebMon64.dat [2015-05-05] (Tencent) BHO-x32: No Name -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> No File BHO-x32: No Name -> {b608cc98-54de-4775-96c9-097de398500c} -> No File Task: {756652E3-BAE3-4AE0-9C93-D72337257920} - System32\Tasks\GoogleUpdateTaskMachineUA1d04057e810189 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5} AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48} C:\Program Files (x86)\baidu C:\Program Files (x86)\Google C:\Program Files (x86)\SlimDrivers C:\Program Files (x86)\Smart File Advisor C:\Program Files (x86)\Tencent C:\Program Files\Common Files\Tencent C:\Program Files (x86)\Common Files\Baidu C:\Program Files (x86)\Common Files\Tencent C:\ProgramData\APN C:\ProgramData\Baidu C:\ProgramData\KingSoft C:\ProgramData\IHProtectUpDate C:\ProgramData\McAfee C:\ProgramData\Orbit C:\ProgramData\Roaming C:\ProgramData\Tencent C:\ProgramData\TXQMPC C:\ProgramData\WindowsMangerProtect C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor C:\Users\sylwester\AppData\Local\1F97B14F-1430823141-E411-B2A0-F0761C0D1586 
C:\Users\sylwester\AppData\Local\CrashRpt C:\Users\sylwester\AppData\Local\ESET C:\Users\sylwester\AppData\Local\Gameo C:\Users\sylwester\AppData\Local\Google C:\Users\sylwester\AppData\Local\Installer C:\Users\sylwester\AppData\Local\SlimWare Utilities Inc C:\Users\sylwester\AppData\Roaming\Baidu C:\Users\sylwester\AppData\Roaming\Dropbox C:\Users\sylwester\AppData\Roaming\Gameo C:\Users\sylwester\AppData\Roaming\KC Softwares C:\Users\sylwester\AppData\Roaming\omiga-plus C:\Users\sylwester\AppData\Roaming\PriceFountain C:\Users\sylwester\AppData\Roaming\systweak C:\Users\sylwester\AppData\Roaming\Tencent C:\Users\sylwester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url C:\Users\sylwester\Downloads\*(*)-dp*.exe C:\Users\sylwester\Downloads\*Alcohol*.exe C:\Windows\d3dx.dat C:\Windows\system32\roboot64.exe C:\Windows\system32\Drivers\bd0001.sys C:\Windows\System32\Drivers\SWDUMon.sys C:\Windows\system32\Drivers\TAOAccelerator64.sys C:\Windows\System32\Drivers\TAOKernel64.sys C:\Windows\System32\Drivers\TFsFltX64.sys C:\Windows\system32\Drivers\TSSKX64.sys C:\Windows\SysWOW64\Drivers\TS888x64.sys Folder: C:\Users\sylwester\AppData\Roaming\InstallShield Reg: reg add HKCR\Unknown\shell\openas\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f Reg: reg add HKCR\Unknown\shell\opendlg\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f Reg: reg delete HKCR\Unknown\shell\openas\command /v sfa_backup /f Reg: reg delete HKCR\Unknown\shell\opendlg\command /v sfa_backup /f Reg: reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f Reg: reg delete HKCU\Software\dobreprogramy /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_pl_109_is1 /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1" /f ***************** Processes closed successfully. [312] C:\Windows\explorer.exe => Process closed successfully. SWDUMon => Service deleted successfully. QMUdisk => Service deleted successfully. QQPCRTP => Service deleted successfully. QQSysMonX64 => Service deleted successfully. TAOAccelerator => Service deleted successfully. TAOFrame => Service deleted successfully. TAOKernelDriver => Service deleted successfully. TFsFlt => Service deleted successfully. TS888x64 => Service deleted successfully. TSCPM => Service deleted successfully. TSDefenseBt => Service deleted successfully. TSSKX64 => Service deleted successfully. TSSysKit => Service deleted successfully. lydeteku => Service deleted successfully. HKU\S-1-5-21-2770005542-1391010283-3734432884-1000\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => Key deleted successfully. "HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-2770005542-1391010283-3734432884-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Key deleted successfully. "HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Key deleted successfully. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bb456da-878f-44a5-b013-4bfe0ae02fce}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{1bb456da-878f-44a5-b013-4bfe0ae02fce} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{b608cc98-54de-4775-96c9-097de398500c} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{756652E3-BAE3-4AE0-9C93-D72337257920}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{756652E3-BAE3-4AE0-9C93-D72337257920}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04057e810189 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d04057e810189" => Key deleted successfully. AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5} => The item is protected. Make sure the software is uninstalled and its services is removed. AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48} => The item is protected. Make sure the software is uninstalled and its services is removed. C:\Program Files (x86)\baidu => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\SlimDrivers => Moved successfully. "C:\Program Files (x86)\Smart File Advisor" => File/Directory not found. C:\Program Files (x86)\Tencent => Moved successfully. C:\Program Files\Common Files\Tencent => Moved successfully. C:\Program Files (x86)\Common Files\Baidu => Moved successfully. C:\Program Files (x86)\Common Files\Tencent => Moved successfully. C:\ProgramData\APN => Moved successfully. C:\ProgramData\Baidu => Moved successfully. C:\ProgramData\KingSoft => Moved successfully. 
C:\ProgramData\IHProtectUpDate => Moved successfully. C:\ProgramData\McAfee => Moved successfully. C:\ProgramData\Orbit => Moved successfully. C:\ProgramData\Roaming => Moved successfully. C:\ProgramData\Tencent => Moved successfully. C:\ProgramData\TXQMPC => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP => Moved successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor" => File/Directory not found. C:\Users\sylwester\AppData\Local\1F97B14F-1430823141-E411-B2A0-F0761C0D1586 => Moved successfully. C:\Users\sylwester\AppData\Local\CrashRpt => Moved successfully. C:\Users\sylwester\AppData\Local\ESET => Moved successfully. C:\Users\sylwester\AppData\Local\Gameo => Moved successfully. C:\Users\sylwester\AppData\Local\Google => Moved successfully. C:\Users\sylwester\AppData\Local\Installer => Moved successfully. C:\Users\sylwester\AppData\Local\SlimWare Utilities Inc => Moved successfully. C:\Users\sylwester\AppData\Roaming\Baidu => Moved successfully. C:\Users\sylwester\AppData\Roaming\Dropbox => Moved successfully. C:\Users\sylwester\AppData\Roaming\Gameo => Moved successfully. C:\Users\sylwester\AppData\Roaming\KC Softwares => Moved successfully. C:\Users\sylwester\AppData\Roaming\omiga-plus => Moved successfully. C:\Users\sylwester\AppData\Roaming\PriceFountain => Moved successfully. C:\Users\sylwester\AppData\Roaming\systweak => Moved successfully. C:\Users\sylwester\AppData\Roaming\Tencent => Moved successfully. C:\Users\sylwester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url => Moved successfully. C:\Users\sylwester\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\sylwester\Downloads\*Alcohol*.exe => Moved successfully. C:\Windows\d3dx.dat => Moved successfully. C:\Windows\system32\roboot64.exe => Moved successfully. C:\Windows\system32\Drivers\bd0001.sys => Moved successfully. 
C:\Windows\System32\Drivers\SWDUMon.sys => Moved successfully. C:\Windows\system32\Drivers\TAOAccelerator64.sys => Moved successfully. C:\Windows\System32\Drivers\TAOKernel64.sys => Moved successfully. C:\Windows\System32\Drivers\TFsFltX64.sys => Moved successfully. C:\Windows\system32\Drivers\TSSKX64.sys => Moved successfully. C:\Windows\SysWOW64\Drivers\TS888x64.sys => Moved successfully. ========================= Folder: C:\Users\sylwester\AppData\Roaming\InstallShield ======================== 2015-12-31 20:20 - 2015-12-31 20:20 - 0000000 ____D () C:\Users\sylwester\AppData\Roaming\InstallShield\ISEngine12.0 ====== End of Folder: ====== ========= reg add HKCR\Unknown\shell\openas\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add HKCR\Unknown\shell\opendlg\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCR\Unknown\shell\openas\command /v sfa_backup /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete HKCR\Unknown\shell\opendlg\command /v sfa_backup /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\dobreprogramy /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_pl_109_is1 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog 10:58:04 ====