script zhpfix
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/ =>PUP.Optional.Sogou
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/ =>PUP.Optional.Sogou
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/ =>PUP.Optional.Sogou
HKLM\SOFTWARE\Wow6432Node\QuickSearch
O69 - SBI: prefs.js [stacy - 5k3qc42l.default] user_pref("extensions.enabledAddons", "yahooprotected%40gmail.com:1.0.1.1042,deskCutv2%40gmail.com:0.1.13,%7B972ce4c6-7e08-4474-a2[...] =>PUP.Optional.DeskCut
O43 - CFD: 30/09/2015 - [] D -- C:\Users\stacy\AppData\Roaming\Reg
O23 - Service: ADSafe Host Service (ADSafeSvc) . (...) - C:\Program Files (x86)\ADSafe\ADSvc.exe (.not file.)
O2 - BHO: TSWebMon [64Bits] - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} (Orphean)
O43 - CFD: 14/06/2015 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 13/12/2015 - [0] D -- C:\ProgramData\TXPCMGR
O87 - FAEL: "TCP Query User{2CB631D2-6B6F-4652-BA30-3011D8CB984D}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe (.not file.)
O87 - FAEL: "UDP Query User{9809C272-C2FA-40EB-A604-F1239487AFCB}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe (.not file.)
O87 - FAEL: "TCP Query User{1C5E27FF-5176-44AE-9A03-D6ADB90D3CFC}E:\heroes of the storm\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe" [In-None-P6-TRUE] .(...) -- E:\heroes of the storm\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{DC005B78-3780-4F65-A5D6-FF8DFF8F5AD0}E:\heroes of the storm\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe" [In-None-P17-TRUE] .(...) -- E:\heroes of the storm\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "{8568A486-52AE-48CD-A8CD-DE4084C9370B}" [In-None-P6-TRUE] .(...) -- C:\Program Files\DriversCloud.com\MCDetection.exe (.not file.)
O87 - FAEL: "{8A687724-6AE4-4D38-8484-EFA2E2C29C86}" [In-None-P17-TRUE] .(...) -- C:\Program Files\DriversCloud.com\MCDetection.exe (.not file.)
O87 - FAEL: "TCP Query User{BA27EE24-AC71-4FB3-9BF3-EFCDCD0DBBF5}C:\program files (x86)\adsafe\adsafe.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\adsafe\adsafe.exe (.not file.)
O87 - FAEL: "UDP Query User{60BBC209-4BC4-4167-9EB9-0B4B1F29E6E3}C:\program files (x86)\adsafe\adsafe.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\adsafe\adsafe.exe (.not file.)
O87 - FAEL: "{A104F190-9C96-427D-BCAD-E081DDEE378E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\ADSafe\ADSvc.exe (.not file.)
O87 - FAEL: "{F4C8FFE0-FD11-4FA9-8DB4-BC769FC034AC}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\ADSafe\ADSafe.exe (.not file.)
P2 - EXT FILE: (...) -- C:\Users\stacy\AppData\Roaming\Mozilla\Firefox\Profiles\5k3qc42l.default\searchplugins\yahoo-ysp.xml
HKCU\SOFTWARE\ADSafe
HKCU\SOFTWARE\STA
O43 - CFD: 13/12/2015 - [] D -- C:\Program Files (x86)\ADSafe
O43 - CFD: 13/12/2015 - [] D -- C:\Program Files (x86)\MTV20151125
O43 - CFD: 13/12/2015 - [] D -- C:\Users\stacy\AppData\Roaming\ADSafe3
O43 - CFD: 13/12/2015 - [0] D -- C:\Users\stacy\AppData\Roaming\dissect
O43 - CFD: 13/12/2015 - [] D -- C:\Users\stacy\AppData\Local\Trick or Treat
O53 - SMSR:HKLM\...\startupreg\MTview [Key] . (.STA - MTview.) -- C:\Program Files (x86)\MTV20151125\MTview.exe
O58 - SDL:2015/07/10 06:31:12 A . (.Copyright (C) 2015 - DMProtec.) -- C:\Windows\System32\drivers\DMProtect64.sys [28416] {715450C7E0DB6CAD9CCD5ABEFD83B46D}
O58 - SDL:2015/12/13 11:43:05 A . (.???? - ????-TSSK Driver.) -- C:\Windows\System32\drivers\TSSKX64.sys [38200] {7170BD93CF3F189AE6452B514C49340E}
emptytemp
emptyprefetch
emptyclsid
emptyflash
sysrestore
shortcutfix