Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Jasiu at 2015-07-16 17:14:51 Run:1
Running from C:\Users\Jasiu\Desktop\frst
Loaded Profiles: Jasiu (Available Profiles: Jasiu)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
U2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKU\S-1-5-21-3625697315-574066735-3411081838-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
HKU\S-1-5-21-3625697315-574066735-3411081838-1001\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin HKU\S-1-5-21-3625697315-574066735-3411081838-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> D:\Autocad\AutoCAD 2015\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> D:\Autocad\AutoCAD 2015\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autocad\AutoCAD 2015\pl-PL\acadficn.dll No File
Task: {1903686A-82DF-4BF6-9F48-B4A3FD1C32FA} - System32\Tasks\{93676F8E-D262-4403-8682-F1482494E4F6} => pcalua.exe -a "C:\Team17\Worms Armageddon\wa.exe" -d "c:\Team17\Worms Armageddon"
Task: {BBC97DBF-3158-4580-9856-6EE7EB9B85D7} - System32\Tasks\{AB774A4A-99AC-48A2-B8F5-28CE0353E177} => pcalua.exe -a C:\Users\Jasiu\Downloads\raidcall_v7.3.6.exe -d C:\Users\Jasiu\Downloads
Task: {BDF5EAF1-2D83-462A-B472-7F321D2C77CC} - System32\Tasks\{AC834C79-C1E1-4C87-ADD4-D586D8A7EDB3} => pcalua.exe -a D:\Bwgen\Bwgen.exe -d D:\Bwgen
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
C:\ppsfile
C:\qycache
C:\Program Files (x86)\baidu
C:\ProgramData\Temp
C:\ProgramData\Tencent
C:\ProgramData\TXQMPC
C:\Users\Jasiu\AppData\Local\SysassistByHotWheel
C:\Users\Jasiu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\爱奇艺万能播放器.lnk
C:\Users\Jasiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Jasiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺万能播放器.lnk
C:\Users\Jasiu\AppData\Roaming\ppslog
C:\Users\Jasiu\Downloads\*(*)-dp*.*
C:\Users\Jasiu\Downloads\Gbooks__1598_i1558290670_il360.exe.zip
C:\Users\Jasiu\Downloads\Google Books Downloader Lite.exe
C:\Users\Public\QiYi
C:\WINDOWS\system32\Drivers\TFsFltX64.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v mcpltui_exe /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v mcui_exe /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v fst_pl_121 /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v mcui_exe /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v apphide /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v LiveSupport /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
QQSysMonX64 => Service removed successfully
TSDefenseBt => Service removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => value removed successfully
HKU\S-1-5-21-3625697315-574066735-3411081838-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully
HKU\S-1-5-21-3625697315-574066735-3411081838-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
"HKU\S-1-5-21-3625697315-574066735-3411081838-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll not found.
"HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}" => key removed successfully
"HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}" => key removed successfully
"HKU\S-1-5-21-3625697315-574066735-3411081838-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1903686A-82DF-4BF6-9F48-B4A3FD1C32FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1903686A-82DF-4BF6-9F48-B4A3FD1C32FA}" => key removed successfully
C:\Windows\System32\Tasks\{93676F8E-D262-4403-8682-F1482494E4F6} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93676F8E-D262-4403-8682-F1482494E4F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBC97DBF-3158-4580-9856-6EE7EB9B85D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBC97DBF-3158-4580-9856-6EE7EB9B85D7}" => key removed successfully
C:\Windows\System32\Tasks\{AB774A4A-99AC-48A2-B8F5-28CE0353E177} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB774A4A-99AC-48A2-B8F5-28CE0353E177}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDF5EAF1-2D83-462A-B472-7F321D2C77CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF5EAF1-2D83-462A-B472-7F321D2C77CC}" => key removed successfully
C:\Windows\System32\Tasks\{AC834C79-C1E1-4C87-ADD4-D586D8A7EDB3} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC834C79-C1E1-4C87-ADD4-D586D8A7EDB3}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\str" => key removed successfully
C:\ppsfile => moved successfully.
C:\qycache => moved successfully.
C:\Program Files (x86)\baidu => moved successfully.
C:\ProgramData\Temp => moved successfully.
C:\ProgramData\Tencent => moved successfully.
C:\ProgramData\TXQMPC => moved successfully.
C:\Users\Jasiu\AppData\Local\SysassistByHotWheel => moved successfully.
C:\Users\Jasiu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\爱奇艺万能播放器.lnk => moved successfully.
C:\Users\Jasiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Users\Jasiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺万能播放器.lnk => moved successfully.
C:\Users\Jasiu\AppData\Roaming\ppslog => moved successfully.
C:\Users\Jasiu\Downloads\*(*)-dp*.* => moved successfully.
C:\Users\Jasiu\Downloads\Gbooks__1598_i1558290670_il360.exe.zip => moved successfully.
C:\Users\Jasiu\Downloads\Google Books Downloader Lite.exe => moved successfully.
C:\Users\Public\QiYi => moved successfully.
C:\WINDOWS\system32\Drivers\TFsFltX64.sys => moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v mcpltui_exe /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v mcui_exe /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v fst_pl_121 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v mcui_exe /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v apphide /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v LiveSupport /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========