Keep getting fake update popups


  • This topic is locked
18 replies to this topic

#1 aliciaswr

aliciaswr

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 17 November 2014 - 04:26 AM

Hi,

 

I keep getting fake update popups.  Malwarebytes Anti-malware scanned and found nothing wrong.  There are no suspicious programs on my add/remove program list as well.  I do not know where to locate and remove this virus.  I notice the popups are titled vxmclient.  Please help.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.60.2
Run by aliciaswr at 17:21:10 on 2014-11-17
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.4078.1951 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\SysWOW64\svchost.exe -k SDDUpdate
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe
C:\Program Files (x86)\Tencent\QQ\bin\QQ.exe
C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: QQ?????úê??ˉàà?÷???t: {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\QQIEHelper01.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - <orphaned>
BHO: {DE05CF4A-7B0A-4775-B5E5-396244938679} - <orphaned>
uRun: [AdobeBridge] <no file>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: 使用QQ下载助手下载 - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\xfgeturl.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: gogobox.com.tw
Trusted Zone: gogobox.com.tw
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{56BF460F-4CB3-4149-94A7-0C03C55E89BD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56BF460F-4CB3-4149-94A7-0C03C55E89BD}\75942554C4543535D2E4544575F425B4 : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: 迅雷下载支持: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.16.4670.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\115\115com\np_115download_plugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
FF - plugin: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\aliciaswr\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll
FF - plugin: C:\Users\aliciaswr\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll
FF - plugin: C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\npyunwebdetect.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-7 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-8-7 267632]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-6-3 23704]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-9-27 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-9-27 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-5 283064]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-10-12 46792]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-24 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-24 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-24 62584]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-15 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2011-9-27 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-30 116728]
R2 KuaiZipDrive;KuaiZipDrive;C:\Windows\System32\drivers\KuaiZipDrive.sys [2012-11-17 93992]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-10-23 270728]
R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2011-12-21 23896]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0105.sys [2014-2-8 28768]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-3-24 1014624]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2014-2-5 33872]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2011-11-18 276256]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-11-8 43664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 Neo_VPN-JP;VPN Client Device Driver - VPN-JP;C:\Windows\System32\drivers\Neo_0117.sys [2014-2-6 28768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-25 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-28 30208]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-17 08:16:02    --------    d-----w-    C:\Program Files (x86)\Windows Network Accelerater
2014-11-17 06:23:34    --------    d-----w-    C:\ProgramData\Optimizer
2014-11-15 07:53:11    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\Diagnostics
2014-11-15 07:37:10    --------    d-sh--w-    C:\Users\aliciaswr\AppData\Local\EmieBrowserModeList
2014-11-13 06:50:51    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\KunlunInput
2014-11-13 06:50:45    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\Kunlun
2014-11-13 06:31:24    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-11-13 06:31:24    304640    ----a-w-    C:\Windows\System32\generaltel.dll
2014-11-13 06:31:24    228864    ----a-w-    C:\Windows\System32\aepdu.dll
2014-11-13 06:31:13    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-11-13 06:31:13    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-11-13 06:31:13    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-11-13 06:31:12    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-11-13 06:31:12    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-11-13 06:31:12    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-11-13 06:31:12    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-11-13 06:31:12    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-11-13 06:31:12    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-11-13 06:29:57    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-11-13 06:28:57    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-13 06:28:57    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-13 06:28:47    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-13 06:28:47    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-13 05:41:59    --------    d-----w-    C:\Windows\System32\catroot2
2014-11-13 04:47:14    19392    ----a-w-    C:\Windows\System32\roboot64.exe
2014-11-13 04:30:43    --------    d-----w-    C:\Windows\CheckSur
2014-11-13 03:53:57    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\ParetoLogic
2014-11-13 03:53:57    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\DriverCure
2014-11-13 03:53:47    --------    d-----w-    C:\ProgramData\ParetoLogic
2014-11-13 03:32:46    147456    ----a-w-    C:\Windows\System32\initpki.dll
2014-11-12 18:07:51    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-12 18:07:48    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FC8FA45-5747-4D76-A3C8-DA49E9938653}\mpengine.dll
2014-11-12 18:07:45    11627712    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-11-12 13:30:37    --------    d-----w-    C:\Program Files\MPC-HC
2014-11-11 12:57:23    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\NCH Software
2014-11-11 12:57:20    --------    d-----w-    C:\Program Files (x86)\NCH Software
2014-11-11 06:43:33    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-11-11 06:43:28    --------    d-----w-    C:\ProgramData\RogueKiller
2014-11-11 06:28:54    --------    d-----w-    C:\ProgramData\SUPERSetup
2014-11-10 23:17:29    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-09 08:25:45    --------    d-----w-    C:\AdwCleaner
2014-11-07 07:41:09    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\Mozilla
2014-11-07 07:41:00    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 10:28:51    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-05 10:28:51    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-05 07:27:44    --------    d-----w-    C:\Users\aliciaswr\dwhelper
2014-10-31 06:19:08    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\JAM Software
2014-10-31 06:18:59    --------    d-----w-    C:\Program Files (x86)\JAM Software
2014-10-31 06:12:04    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-31 06:11:45    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-31 06:11:45    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-31 06:11:45    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-31 06:11:44    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-31 06:11:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 14:24:48    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\iTudou_V3
2014-10-23 07:54:21    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\LavasoftStatistics
2014-10-23 07:23:47    --------    d-----w-    C:\Windows\SysWow64\vbox
2014-10-23 07:23:47    --------    d-----w-    C:\Windows\System32\vbox
2014-10-23 04:50:43    43152    ----a-w-    C:\Windows\avastSS.scr
2014-10-23 04:13:54    1351168    ----a-w-    C:\Windows\SysWow64\GdiPlus.dll
2014-10-23 04:13:38    1690624    ----a-w-    C:\Windows\System32\GdiPlus.dll
2014-10-21 17:26:12    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2014-10-21 17:26:11    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
2014-10-21 17:26:11    73880    ----a-w-    C:\Windows\System32\mscories.dll
2014-10-21 17:26:11    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-10-21 17:26:11    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2014-10-21 17:26:11    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-10-21 17:22:08    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-10-21 17:21:25    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-10-21 17:21:24    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-10-21 17:20:41    235520    ----a-w-    C:\Windows\System32\winsta.dll
2014-10-21 17:20:41    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-10-21 17:20:41    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2014-10-21 17:20:41    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-10-21 17:20:40    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-10-21 17:20:28    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-10-21 17:20:08    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-21 17:20:06    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
.
==================== Find3M  ====================
.
2014-11-15 08:20:01    135736    ----a-w-    C:\Windows\System32\vpncmd.exe
2014-11-10 23:45:46    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-11-06 04:04:03    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-04 06:30:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-11-01 04:37:33    83280    ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
2014-11-01 04:37:02    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-23 04:50:49    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-10-23 04:50:48    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-10-23 04:50:48    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-10-23 04:50:48    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-10-23 04:50:47    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-26 08:06:58    89888    ----a-w-    C:\Windows\System32\NicInstC.dll
2014-09-26 08:06:58    73480    ----a-w-    C:\Windows\System32\e1cmsg.dll
2014-09-26 08:06:58    495376    ----a-w-    C:\Windows\System32\drivers\e1c62x64.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-09-18 12:23:38    447752    ----a-w-    C:\Windows\SysWow64\vp6vfw.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-21 06:43:26    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2014-08-21 06:40:32    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-08-21 06:23:10    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-02-17 03:27:32    2174976    ----a-w-    C:\Program Files (x86)\Common Files\atimpenc.dll
2005-07-14 04:31:20    32256    --sh--w-    C:\Windows\SysWOW64\AVSredirect.dll
.
============= FINISH: 17:23:22.15 ===============
 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:03 AM

Posted 22 November 2014 - 04:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556490 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 aliciaswr

Posted 23 November 2014 - 12:32 AM

I keep getting fake update popups asking me to download and update programs like Adobe, Firefox. I noticed that these update popups are caused by vxmclient.exe and winvxm.exe.

I found suspicious files in two folders (Windows Network Accelerator and Windows Optimizer respectively) and deleted those files. I haven't had popups after that for 2-3 days but would still like someone to look through to see whether there are leftover viruses/trojans.

I do not have the original Windows DVD.

As requested, here is the new DDS log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.60.2
Run by aliciaswr at 13:28:16 on 2014-11-23
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.4078.2097 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\SysWOW64\svchost.exe -k SDDUpdate
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\mencoder.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc_nvo.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: QQ?????úê??ˉàà?÷???t: {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\QQIEHelper01.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: 使用QQ下载助手下载 - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\xfgeturl.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: gogobox.com.tw
Trusted Zone: gogobox.com.tw
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{80A6A55D-9782-4543-BD44-86C679C22D42} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: 迅雷下载支持: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.16.4670.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\115\115com\np_115download_plugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
FF - plugin: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\aliciaswr\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll
FF - plugin: C:\Users\aliciaswr\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll
FF - plugin: C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\npyunwebdetect.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-7 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-8-7 267632]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-6-3 23704]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-9-27 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-9-27 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-5 283064]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-24 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-24 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-24 62584]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-15 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2011-9-27 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-30 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-23 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-3 13336]
R2 KuaiZipDrive;KuaiZipDrive;C:\Windows\System32\drivers\KuaiZipDrive.sys [2012-11-17 93992]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-5-20 255376]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-5 503080]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SDDUpdate;SDDUpdate;C:\Windows\System32\svchost.exe -k SDDUpdate [2009-7-14 27136]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-2-6 4374072]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-9 378472]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-10-23 270728]
R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2011-12-21 23896]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-10-23 4012248]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0053.sys [2014-11-21 28768]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-3-24 1014624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 WindowsOptimizer_P2;Windows Optimizer Services (P2);C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe --> C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe [?]
S2 WindowsVNT_R3;Windows Virtual Network (WVN3); [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2014-2-5 33872]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2011-11-18 276256]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-11-8 43664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-13 114688]
S3 Neo_VPN-JP;VPN Client Device Driver - VPN-JP;C:\Windows\System32\drivers\Neo_0117.sys [2014-2-6 28768]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-25 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-11-21 11:56:53    28768    ----a-w-    C:\Windows\System32\drivers\Neo_0053.sys
2014-11-21 11:49:37    28768    ----a-w-    C:\Windows\System32\drivers\Neo_0105.sys
2014-11-19 03:04:44    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-19 03:04:44    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-19 03:04:44    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-19 03:04:42    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-18 10:43:27    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\DriverToolkit
2014-11-18 10:28:58    --------    d-----w-    C:\ProgramData\Ralink Driver
2014-11-18 06:36:45    --------    d-----w-    C:\Program Files\Reason
2014-11-17 06:23:34    --------    d-----w-    C:\ProgramData\Optimizer
2014-11-15 07:53:11    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\Diagnostics
2014-11-15 07:37:10    --------    d-sh--w-    C:\Users\aliciaswr\AppData\Local\EmieBrowserModeList
2014-11-13 06:50:51    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\KunlunInput
2014-11-13 06:50:45    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\Kunlun
2014-11-13 06:31:24    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-11-13 06:31:24    304640    ----a-w-    C:\Windows\System32\generaltel.dll
2014-11-13 06:31:24    228864    ----a-w-    C:\Windows\System32\aepdu.dll
2014-11-13 06:31:13    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-11-13 06:31:13    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-11-13 06:31:13    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-11-13 06:31:12    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-11-13 06:31:12    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-11-13 06:31:12    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-11-13 06:31:12    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-11-13 06:31:12    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-11-13 06:31:12    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-11-13 06:29:57    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-11-13 06:28:57    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-13 06:28:57    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-13 06:28:47    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-13 06:28:47    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-13 05:41:59    --------    d-----w-    C:\Windows\System32\catroot2
2014-11-13 04:47:14    19392    ----a-w-    C:\Windows\System32\roboot64.exe
2014-11-13 04:30:43    --------    d-----w-    C:\Windows\CheckSur
2014-11-13 03:53:57    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\ParetoLogic
2014-11-13 03:53:57    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\DriverCure
2014-11-13 03:32:46    147456    ----a-w-    C:\Windows\System32\initpki.dll
2014-11-12 18:07:51    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-12 18:07:48    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FC8FA45-5747-4D76-A3C8-DA49E9938653}\mpengine.dll
2014-11-12 18:07:45    11627712    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-11-12 13:30:37    --------    d-----w-    C:\Program Files\MPC-HC
2014-11-11 12:57:23    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\NCH Software
2014-11-11 12:57:20    --------    d-----w-    C:\Program Files (x86)\NCH Software
2014-11-11 06:43:33    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-11-11 06:43:28    --------    d-----w-    C:\ProgramData\RogueKiller
2014-11-11 06:28:54    --------    d-----w-    C:\ProgramData\SUPERSetup
2014-11-10 23:17:29    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-09 08:25:45    --------    d-----w-    C:\AdwCleaner
2014-11-07 07:41:09    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\Mozilla
2014-11-07 07:41:00    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 10:28:51    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-05 10:28:51    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-31 06:19:08    --------    d-----w-    C:\Users\aliciaswr\AppData\Roaming\JAM Software
2014-10-31 06:18:59    --------    d-----w-    C:\Program Files (x86)\JAM Software
2014-10-31 06:12:04    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-31 06:11:45    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-31 06:11:45    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-31 06:11:45    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-31 06:11:44    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-31 06:11:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 14:24:48    --------    d-----w-    C:\Users\aliciaswr\AppData\Local\iTudou_V3
.
==================== Find3M  ====================
.
2014-11-22 03:38:07    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-11-21 11:46:58    135736    ----a-w-    C:\Windows\System32\vpncmd.exe
2014-11-10 23:45:46    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-11-06 04:04:03    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-04 06:30:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-11-01 04:37:33    83280    ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-23 04:50:49    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-10-23 04:50:48    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-10-23 04:50:48    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-10-23 04:50:48    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-10-23 04:50:47    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-10-23 04:50:43    43152    ----a-w-    C:\Windows\avastSS.scr
2014-10-23 04:14:02    1351168    ----a-w-    C:\Windows\SysWow64\GdiPlus.dll
2014-10-23 04:13:54    1690624    ----a-w-    C:\Windows\System32\GdiPlus.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-26 08:06:58    89888    ----a-w-    C:\Windows\System32\NicInstC.dll
2014-09-26 08:06:58    73480    ----a-w-    C:\Windows\System32\e1cmsg.dll
2014-09-26 08:06:58    495376    ----a-w-    C:\Windows\System32\drivers\e1c62x64.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-09-18 12:23:38    447752    ----a-w-    C:\Windows\SysWow64\vp6vfw.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2013-02-17 03:27:32    2174976    ----a-w-    C:\Program Files (x86)\Common Files\atimpenc.dll
2005-07-14 04:31:20    32256    --sh--w-    C:\Windows\SysWOW64\AVSredirect.dll
.
============= FINISH: 13:31:13.01 ===============
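
A triage pass over the SERVICES / DRIVERS section of the DDS log above, as an added example that is not part of the original thread or any BleepingComputer tool. It assumes the leading R/S and digit are the service state and start type, and that `[?]` / `[x]` mean DDS could not read the file's details; the keyword list is the set of names the poster reported.

```python
import re

# Excerpt of the SERVICES / DRIVERS section from the DDS log in the post above.
SAMPLE_LOG = r"""
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-23 50344]
R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 WindowsOptimizer_P2;Windows Optimizer Services (P2);C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe --> C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe [?]
S2 WindowsVNT_R3;Windows Virtual Network (WVN3); [x]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
"""

# Names the poster reported: two process names and two folder names.
REPORTED = ["vxmclient", "winvxm", "Windows Network Accelerator", "Windows Optimizer"]

# <state><start> <name>;<display name>;<image path> [<date size> | ? | x]
LINE = re.compile(r"^([RS])([0-4]) ([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")


def parse_services(log):
    """Yield one dict per service/driver line; any other line is skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, image, details = m.groups()
        yield {
            "name": name,
            "display": display,
            # Some entries print the path twice as "path --> path"; keep the first.
            "image": image.split(" --> ")[0].strip(),
            "running": state == "R",
            # Assumption: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
            "start": int(start),
            # Assumption: "?" or "x" in place of "date size" means no file details.
            "unreadable": details.strip() in ("?", "x"),
        }


def triage(log, keywords=REPORTED):
    """Return services worth a manual look, strongest evidence first."""
    findings = []
    for svc in parse_services(log):
        haystack = " ".join((svc["name"], svc["display"], svc["image"])).lower()
        reasons = []
        if any(k.lower() in haystack for k in keywords):
            reasons.append("reported-name")
        if svc["start"] <= 2 and svc["unreadable"]:
            reasons.append("autostart-unreadable-image")
        if reasons:
            findings.append(
                {"name": svc["name"], "image": svc["image"], "reasons": reasons}
            )
    # sorted() is stable, so entries with equal evidence keep log order.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        image = f["image"] or "(no image path)"
        print(f"{f['name']:22} {', '.join(f['reasons']):45} {image}")
```

The unreadable-image flag on its own also catches XLServicePlatform, whose image is an svchost command line, so the match against the reported folder name is what ranks the Windows Optimizer service first.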
 



#4 fireman4it


Posted 23 November 2014 - 08:37 PM

Hello aliciaswr,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 aliciaswr

  • Topic Starter


Posted 23 November 2014 - 10:58 PM

Hi fireman, thanks for helping.

 

Here is the AdwCleaner log:

 

# AdwCleaner v4.102 - Report created 24/11/2014 at 11:49:24
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aliciaswr - NALIC3
# Running from : C:\Users\aliciaswr\Desktop\avsw\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\NCH Software
[x] Not Deleted : C:\ProgramData\tencent
[x] Not Deleted : C:\Program Files (x86)\NCH Software
[x] Not Deleted : C:\Program Files (x86)\tencent
[x] Not Deleted : C:\Program Files (x86)\Common Files\tencent
[x] Not Deleted : C:\Users\aliciaswr\AppData\Local\tencent
[x] Not Deleted : C:\Users\aliciaswr\AppData\LocalLow\tencent
[x] Not Deleted : C:\Users\aliciaswr\AppData\Roaming\baidu
Folder Deleted : C:\Users\aliciaswr\AppData\Roaming\DriverCure
[x] Not Deleted : C:\Users\aliciaswr\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\aliciaswr\AppData\Roaming\ParetoLogic
[x] Not Deleted : C:\Users\aliciaswr\AppData\Roaming\tencent
[x] Not Deleted : C:\Users\All Users\NCH Software
[x] Not Deleted : C:\Users\All Users\tencent
[x] Not Deleted : C:\Users\All Users\Documents\tencent
[x] Not Deleted : C:\Users\Public\Documents\tencent
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Tencent
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R1].txt - [4678 octets] - [09/11/2014 16:25:47]
AdwCleaner[R2].txt - [1886 octets] - [11/11/2014 07:16:28]
AdwCleaner[R3].txt - [2255 octets] - [24/11/2014 11:46:10]
AdwCleaner[S1].txt - [4780 octets] - [09/11/2014 16:31:19]
AdwCleaner[S2].txt - [1856 octets] - [11/11/2014 07:22:49]
AdwCleaner[S3].txt - [2146 octets] - [24/11/2014 11:49:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2206 octets] ##########
 

 

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by aliciaswr (administrator) on NALIC3 on 24-11-2014 11:53:23
Running from C:\Users\aliciaswr\Desktop\avsw
Loaded Profile: aliciaswr (Available profiles: aliciaswr & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-01] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] ()
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\MountPoints2: {d883c428-d2a7-11e0-bd88-c89cdc28a8aa} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
ShellIconOverlayIdentifiers: [        CloudBoxOverlay2Error] -> {24E14F82-4372-4e68-A408-B3F68EA4DA78} =>  No File
ShellIconOverlayIdentifiers: [!IconOverlay_Conflict] -> {486C8576-C2C5-42AD-87C6-5E9681633935} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_ForbidSync] -> {683617F1-0DD4-4B24-B87F-73CE23B8440C} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_LargeFile] -> {6B3CB227-0A30-418E-A673-FF1F142D9327} =>  No File
ShellIconOverlayIdentifiers: [!IconOverlay_Synced] -> {B2AF7140-40A1-449E-82B9-2C0876C97AF4} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_Syncing] -> {F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [115ErrorOverlayIcon] -> {361F6990-0582-4B1B-88D1-294640A2AB65} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115ProcessOverlayIcon] -> {52F2EEDF-65F7-4685-8C30-10F56E1080E6} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115SucceedOverlayIcon] -> {E6DDA755-8C6C-4D06-8765-FEA0DC7F2660} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(69).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V237.dll (Funshion)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\KuaiZip\KZipShell.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> DefaultScope {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.16.4670.dll (深圳市迅雷网络技术有限公司)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QQÏÂÔØÖúÊÖä¯ÀÀÆ÷¿Ø¼þ -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default
FF Homepage: yahoo.com
FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @115.com/CheckPluginEx -> C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files\风云影音\BaiduPlayer\npxbdyy.dll No File
FF Plugin-x32: @baidu.com/UploadPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll (Baidu.com, Inc.)
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll (Baidu.com, Inc.)
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\aliciaswr\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files\风云影音\qvod\npQvodInsert.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: zettamedia.co.kr/ZmLauncher -> C:\Users\aliciaswr\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll (Zettamedia Co.,Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: DownloadHelper - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-17]
FF Extension: Translate This! - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-11-19]
FF Extension: Unblock Youku - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2014-11-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-11-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-27]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi [2014-11-17]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi

Chrome:
=======
CHR Profile: C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (优酷一键通Sotapit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alddjbjplgobbllfolehibiclbhmomla [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23]
CHR Extension: (YouTube) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google Search) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Sheets) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (XKit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-23]
CHR Extension: (Avast Online Security) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-23]
CHR Extension: (RealDownloader) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Unblock Youku) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-10-23]
CHR Extension: (Gmail) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-23] (Avast Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4071928 2011-09-16] (INCA Internet Co., Ltd.) [File not signed]
R2 NVSvc; C:\Windows\system32\nvvsvc.exe [1002904 2011-03-09] (NVIDIA Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDDUpdate; C:\Users\aliciaswr\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2012-12-26] (SNDA)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174208 2013-12-06] (ShenZhen Xunlei Networking Technologies,LTD)
S2 WindowsOptimizer_P2; C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe [X]
S2 WindowsVNT_R3; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2011-11-22] (Digiarty Software, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-05] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-11] ()
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [93992 2011-04-15] (KuaiZip International Inc)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0053.sys [28768 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN-JP; C:\Windows\System32\DRIVERS\Neo_0117.sys [28768 2014-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-23] (Avast Software)
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-09] ()
U2 TMAgent; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 11:53 - 2014-11-24 11:53 - 00000000 ____D () C:\FRST
2014-11-24 01:13 - 2014-11-24 01:13 - 00001364 _____ () C:\Users\aliciaswr\Documents\cc_20141124_011338.reg
2014-11-24 01:06 - 2014-11-24 01:06 - 00000536 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\京东商城.url
2014-11-24 01:06 - 2014-11-24 01:06 - 00000000 ____D () C:\ProgramData\urls
2014-11-22 22:41 - 2014-11-22 22:44 - 00000000 ____D () C:\Users\aliciaswr\Documents\SubtitleWorkshop_6.0b_131121_portable
2014-11-21 20:07 - 2014-11-21 20:07 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NIJI
2014-11-21 19:56 - 2014-11-21 19:56 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0053.sys
2014-11-21 19:49 - 2014-11-21 19:49 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0105.sys
2014-11-21 19:46 - 2014-11-21 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2014-11-19 11:04 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:04 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\aliciaswr\Documents\vobm252eng
2014-11-18 18:44 - 2014-11-18 18:44 - 00000366 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-11-18 18:43 - 2014-11-18 18:43 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\DriverToolkit
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\InstallShield
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-11-18 18:28 - 2010-08-11 11:35 - 00014051 _____ () C:\Windows\SysWOW64\RaCoInst.dat
2014-11-18 14:36 - 2014-11-18 14:36 - 00000000 ____D () C:\Program Files\Reason
2014-11-18 13:04 - 2014-11-24 11:50 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-18 13:04 - 2014-11-24 11:50 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-17 14:23 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\Optimizer
2014-11-17 13:28 - 2014-11-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 15:39 - 2014-11-24 02:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 15:39 - 2014-11-15 16:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 15:37 - 2014-11-15 15:37 - 00000000 __SHD () C:\Users\aliciaswr\AppData\Local\EmieBrowserModeList
2014-11-13 14:50 - 2014-11-13 15:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Kunlun
2014-11-13 14:50 - 2014-11-13 14:50 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\KunlunInput
2014-11-13 14:35 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 14:35 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 14:35 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 14:35 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 14:35 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 14:35 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 14:35 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 14:35 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 14:35 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 14:35 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 14:35 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 14:35 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 14:35 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 14:35 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 14:35 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 14:35 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 14:35 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 14:31 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 14:31 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 14:31 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 14:31 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 14:31 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 14:31 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 14:31 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 14:31 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 14:31 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 14:31 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 14:30 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 14:30 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 14:30 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 14:30 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 14:30 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 14:29 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 14:29 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 14:29 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 14:29 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 14:28 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 14:28 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 14:28 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 14:28 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 12:48 - 2014-11-13 12:48 - 00327896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wucltui.dll
2014-11-13 12:30 - 2014-11-13 12:30 - 00000000 ____D () C:\Windows\CheckSur
2014-11-13 11:33 - 2014-11-13 11:33 - 00120288 _____ (Microsoft Corporation) C:\Windows\system32\wuweb.dll
2014-11-13 11:32 - 2014-11-13 11:32 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\initpki.dll
2014-11-13 11:31 - 2014-11-13 11:31 - 00118552 _____ (Microsoft Corporation) C:\Windows\system32\wucltui.dll
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-12 15:00 - 2014-11-12 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-11-11 20:57 - 2014-11-11 20:57 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-11-11 20:57 - 2014-11-11 20:57 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\NCH Software
2014-11-11 20:57 - 2014-11-11 20:57 - 00000000 ____D () C:\ProgramData\NCH Software
2014-11-11 20:57 - 2014-11-11 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-11-11 20:57 - 2014-11-11 20:57 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-11-11 14:43 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-11 14:43 - 2014-11-11 14:43 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-11 14:28 - 2014-11-11 14:29 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-11-11 07:47 - 2014-11-24 11:53 - 00000000 ____D () C:\Users\aliciaswr\Desktop\avsw
2014-11-11 07:17 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 16:32 - 2014-11-24 11:50 - 00283770 _____ () C:\Windows\PFRO.log
2014-11-09 16:25 - 2014-11-24 11:49 - 00000000 ____D () C:\AdwCleaner
2014-11-07 19:22 - 2014-11-24 11:50 - 00003528 _____ () C:\Windows\setupact.log
2014-11-07 19:22 - 2014-11-07 19:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 15:41 - 2014-11-18 13:22 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Mozilla
2014-11-07 15:41 - 2014-11-18 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 15:41 - 2014-11-07 15:41 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 15:41 - 2014-11-07 15:41 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mozilla
2014-11-06 16:54 - 2014-11-06 16:54 - 00000000 ____D () C:\Users\aliciaswr\Documents\FormatFactory
2014-11-05 18:28 - 2014-11-15 16:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-05 18:28 - 2014-11-15 16:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 12:57 - 2014-11-01 12:57 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-57-06.042-AvastVBoxSVC.exe-3996.log
2014-11-01 12:50 - 2014-11-01 12:50 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-50-17.020-AvastVBoxSVC.exe-488.log
2014-11-01 12:40 - 2014-11-01 12:41 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-40-44.039-AvastVBoxSVC.exe-6024.log
2014-11-01 12:21 - 2014-11-01 12:21 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-21-15.005-AvastVBoxSVC.exe-4028.log
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\JAM Software
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-10-31 14:18 - 2014-10-31 14:18 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-10-31 14:12 - 2014-11-17 16:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 13:29 - 2014-10-29 13:29 - 00000197 _____ () C:\Windows\system32\2014-10-29-05-29-36.067-AvastVBoxSVC.exe-4004.log
2014-10-28 11:50 - 2014-10-28 11:51 - 00000197 _____ () C:\Windows\system32\2014-10-28-03-50-57.006-AvastVBoxSVC.exe-3848.log
2014-10-26 13:44 - 2014-10-26 13:45 - 00000197 _____ () C:\Windows\system32\2014-10-26-05-44-34.088-AvastVBoxSVC.exe-3132.log
2014-10-25 13:51 - 2014-10-25 13:51 - 00000197 _____ () C:\Windows\system32\2014-10-25-05-51-05.079-AvastVBoxSVC.exe-3248.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 11:53 - 2012-05-16 06:07 - 01235436 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 11:51 - 2014-02-06 18:52 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-11-24 11:50 - 2014-01-30 10:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 11:50 - 2011-06-03 22:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-24 11:50 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 11:48 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 11:48 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 11:41 - 2013-08-07 17:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-24 02:10 - 2014-01-30 10:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 23:26 - 2014-02-06 20:13 - 00029906 _____ () C:\Users\aliciaswr\Desktop\SZ_TVradio.txt
2014-11-23 23:15 - 2011-08-07 14:53 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\vlc
2014-11-23 21:31 - 2012-11-14 20:18 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ArtWorks
2014-11-23 19:28 - 2011-08-07 14:15 - 00069378 _____ () C:\Users\aliciaswr\Desktop\Jchannel.xlsx
2014-11-23 17:37 - 2014-03-06 03:39 - 00000000 ____D () C:\Users\aliciaswr\Documents\Tencent Files
2014-11-23 13:48 - 2009-07-14 13:13 - 00837166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 13:34 - 2014-01-07 11:49 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Kikuchi Tsunetoshi
2014-11-23 11:56 - 2014-08-17 02:00 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Adobe
2014-11-23 00:43 - 2012-02-11 09:23 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Skype
2014-11-22 22:45 - 2011-08-07 14:15 - 00046944 _____ () C:\Users\aliciaswr\Desktop\メモ.txt
2014-11-22 21:47 - 2011-03-24 15:44 - 00000000 ____D () C:\ProgramData\Skype
2014-11-22 14:44 - 2011-08-07 14:34 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Audio
2014-11-22 11:38 - 2011-09-27 21:54 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 20:48 - 2013-12-30 15:02 - 00000000 ____D () C:\Program Files (x86)\niji
2014-11-21 19:46 - 2014-02-06 18:52 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2014-11-21 19:46 - 2014-02-06 18:52 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2014-11-21 19:39 - 2011-08-07 14:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-21 02:01 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\CrashDumps
2014-11-20 22:53 - 2013-06-13 12:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\BaiduYunGuanjia
2014-11-20 12:49 - 2011-08-12 22:42 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mp3tag
2014-11-19 14:09 - 2013-12-30 18:07 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\FumaKen
2014-11-18 20:57 - 2012-01-05 03:21 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-18 18:29 - 2011-06-03 22:12 - 00006737 _____ () C:\Windows\system32\RaCoInst.log
2014-11-18 18:28 - 2011-03-24 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 18:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 17:56 - 2012-10-09 09:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-11-18 17:56 - 2012-06-16 10:56 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Alexander_Nikiforov
2014-11-18 17:56 - 2012-03-11 06:16 - 00000000 ____D () C:\ProgramData\PWD
2014-11-18 17:56 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-11-18 17:55 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr
2014-11-16 03:05 - 2014-01-30 10:17 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:05 - 2014-01-30 10:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 15:40 - 2014-09-24 19:16 - 00000666 _____ () C:\Users\aliciaswr\.swfinfo
2014-11-15 12:44 - 2014-02-05 16:29 - 00000000 ____D () C:\Users\aliciaswr\Documents\rtmpdumphelper
2014-11-13 17:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:41 - 2009-07-14 12:45 - 13655376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 14:39 - 2014-05-07 18:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 12:27 - 2014-03-05 17:40 - 00000000 ____D () C:\Windows\pss
2014-11-13 01:09 - 2011-08-07 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 01:08 - 2013-08-15 02:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:01 - 2011-08-14 09:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 01:01 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-11-12 15:00 - 2011-08-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-11-11 14:27 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\VirtualStore
2014-11-11 07:45 - 2013-11-08 15:09 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-11 07:44 - 2013-11-08 15:07 - 00000692 _____ () C:\Windows\system32\.crusader
2014-11-10 04:56 - 2011-08-07 16:48 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\uTorrent
2014-11-08 00:16 - 2012-12-24 19:46 - 00001976 _____ () C:\Windows\wininit.ini
2014-11-07 15:17 - 2011-08-07 14:09 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ALIC3
2014-11-05 16:03 - 2014-06-08 20:07 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-11-05 16:03 - 2014-06-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 12:37 - 2011-09-27 21:54 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-01 12:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-27 22:12 - 2012-06-29 16:34 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Audacity

Some content of TEMP:
====================
C:\Users\aliciaswr\AppData\Local\Temp\qqsafeud.exe
C:\Users\aliciaswr\AppData\Local\Temp\Quarantine.exe
C:\Users\aliciaswr\AppData\Local\Temp\sqlite3.dll
C:\Users\aliciaswr\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 01:41

==================== End Of Log ============================

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by aliciaswr at 2014-11-24 11:55:11
Running from C:\Users\aliciaswr\Desktop\avsw
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
115浏览器 (HKLM-x32\...\115网盘云备份) (Version: 4.1.0.15 - 广东一一五科技有限公司)
360云盘 (HKLM-x32\...\360云盘(网盘版)) (Version: 3.7.3.2250 - 360安全中心)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0225.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aegisub 2.1.8 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 2.1.8 - Aegisub Team)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2206 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BDlot DVD ISO Master 3.0.0 (HKLM-x32\...\BDlot DVD ISO Master_is1) (Version:  - LotSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Clubbox 파일전송관리자 (HKLM-x32\...\Clubbox 파일전송관리자) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.03 - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Easy GIF Animator 6.0 (HKLM-x32\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.005 - HTC Corporation)
IconArt (HKLM-x32\...\IconArt) (Version: 2.0.1 - ConWare)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
ImRe 2.1 (HKLM-x32\...\ImRe_is1) (Version:  - Vicky's Cool Softwares)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTudou (HKLM-x32\...\iTudou) (Version: 3.7.3.12232 - www.tudou.com)
IZArc 4.1.8 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.8 - Ivan Zahariev)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyHoleTV (HKLM-x32\...\KeyHoleTV) (Version:  - )
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
KuaiZip (HKLM-x32\...\KuaiZip) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LINE (HKLM-x32\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MP4Joiner v2.1.2 (HKLM-x32\...\MP4Joiner_is1) (Version:  - )
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Niji Show 2.0.6 (HKLM-x32\...\Niji Show) (Version: 2.0.6 - Niji Show Studio.)
NVIDIA Graphics Driver 267.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6760 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{E883ECE4-1189-413A-894D-B7C4B17F0607}) (Version: 1.0.7.0 - Ralink)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 4.0.1401.28) (Version: 4.0.1401.28 - Solveig Multimedia)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tagaini Jisho (HKLM-x32\...\Tagaini Jisho) (Version:  - )
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinX DVD Ripper 5.5.14 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)
XviD4PSP 5.10.330.0 (HKLM-x32\...\XviD4PSP5_is1) (Version:  - Winnydows & fcp team)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
乔叼冠胶/努反冠胶 力芭 (HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\PdClubBox) (Version:  - Zettamedia)
优酷客户端 (HKLM-x32\...\YoukuClient) (Version: 3.2.1.8174 - youku, Inc.)
新浪网视频下载(xmlbar)(仅移除) (HKLM-x32\...\Xmlbar SinaDownloader) (Version:  - )
百度云上传控件 2.0.0 (HKLM-x32\...\百度云上传控件) (Version: 2.0.0 - 百度在线网络技术(北京)有限公司)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 4.8.2 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 5.4.11066.0 - 腾讯科技(深圳)有限公司)
迅雷7 (HKLM-x32\...\thunder_is1) (Version:  - 迅雷网络技术有限公司)
迅雷快传插件 1.0 (HKLM-x32\...\迅雷快传插件) (Version: 1.0 - Thunder, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{01249E9F-88FF-45d5-82DB-A1BEE06E123C}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{324D60B7-A0E4-45A7-9EA8-A00C315C0688}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{A1ADE6F7-2CBC-4A3C-8C3B-4B219A4B06D9}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aliciaswr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-11-2014 17:37:16 Scheduled Checkpoint
18-11-2014 07:20:35 herdProtect before 9 removals
18-11-2014 09:52:53 Restore Operation
18-11-2014 10:28:19 Installed Ralink RT2860 Wireless LAN Card
19-11-2014 03:04:56 Windows Update
21-11-2014 11:49:46 Device Driver Package Install: SoftEther VPN Project Network adapters
21-11-2014 11:57:00 Device Driver Package Install: SoftEther VPN Project Network adapters
22-11-2014 14:31:00 Installed SubCreator

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B5B4B27-C374-4D50-95A5-DC05CE2CABBE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {50D8ED53-7221-47E7-B2BB-51738E4D461C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5F34B65B-2CC9-473E-9734-62C814A3DDD5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)
Task: {5F7790D6-4D0F-406D-B485-3D54287101CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-15] (Adobe Systems Incorporated)
Task: {65895A6C-42EE-4073-AF4C-56126DDEE324} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {A51C9E7C-EB07-48CA-B4AD-8DC84E021931} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3077078221-4219268691-1026116933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B7145E6F-5C0F-48DF-88BA-FDD8475F538A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {CCD0C70C-CAAD-4723-B633-C96DAFD0DBDE} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {D5BA263C-FE86-4C01-AFB7-9C72680FBC96} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3077078221-4219268691-1026116933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E4C6AE9B-55C9-4E68-92A7-3764CEAD245A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {F613D4C6-331D-4CED-9A3E-DB89C9A72946} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 14:15 - 2014-08-25 10:45 - 00253896 _____ () C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\YunShellExt64.dll
2011-08-07 15:11 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-31 04:19 - 2012-07-20 14:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2010-09-16 14:06 - 2010-09-16 14:06 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-12-14 10:19 - 2009-12-09 17:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2011-01-19 09:08 - 2011-01-19 09:08 - 00620136 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-23 12:49 - 2014-10-23 12:49 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-10-23 12:49 - 2014-10-23 12:49 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-24 11:40 - 2014-11-24 11:40 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112301\algo.dll
2014-10-23 12:50 - 2014-10-23 12:50 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2012-11-27 00:54 - 2013-12-06 22:44 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2013-12-06 22:45 - 2013-12-06 22:44 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2014-10-23 12:50 - 2014-10-23 12:50 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-01-19 09:08 - 2011-01-19 09:08 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-11-17 13:28 - 2014-11-17 13:28 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-22 17:46 - 2014-10-22 17:46 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ad4c4edfdad8e430af19da64ab282d96\IsdiInterop.ni.dll
2011-06-03 22:13 - 2010-11-06 14:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0888F409
AlternateDataStreams: C:\ProgramData\Temp:3440EB47
AlternateDataStreams: C:\ProgramData\Temp:66633281

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3077078221-4219268691-1026116933-500 - Administrator - Disabled)
aliciaswr (S-1-5-21-3077078221-4219268691-1026116933-1001 - Administrator - Enabled) => C:\Users\aliciaswr
fbwuser (S-1-5-21-3077078221-4219268691-1026116933-1005 - Limited - Enabled) => C:\Users\fbwuser
Guest (S-1-5-21-3077078221-4219268691-1026116933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3077078221-4219268691-1026116933-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3077078221-4219268691-1026116933-1000 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 11:50:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 11:41:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 11:55:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 11:37:04 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5476.  Message ID: [0x2509].

Error: (11/22/2014 11:32:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 08:10:14 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 7200.  Message ID: [0x2509].

Error: (11/21/2014 08:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 11:20:02 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5228.  Message ID: [0x2509].

Error: (11/21/2014 11:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 02:01:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DropboxExt64.24.dll, version: 1.0.0.24, time stamp: 0x53a8c70f
Exception code: 0xc000041d
Fault offset: 0x0000000000008d57
Faulting process id: 0x598
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (11/24/2014 11:51:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:51:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:51:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:51:02 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:51:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:50:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Virtual Network (WVN3) service failed to start due to the following error:
%%3

Error: (11/24/2014 11:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Optimizer Services (P2) service failed to start due to the following error:
%%2

Error: (11/24/2014 11:50:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/24/2014 11:50:25 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 57%
Total physical RAM: 4078.01 MB
Available physical RAM: 1750.99 MB
Total Pagefile: 8154.2 MB
Available Pagefile: 5848.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.95 GB) (Free:63.34 GB) NTFS
Drive d: (Nakajima) (Fixed) (Total:223.71 GB) (Free:104.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 934593AD)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:03 AM

Posted 23 November 2014 - 11:56 PM

 

[x] Not Deleted : C:\Users\aliciaswr\AppData\Roaming\tencent
[x] Not Deleted : C:\Users\All Users\NCH Software
[x] Not Deleted : C:\Users\All Users\tencent
[x] Not Deleted : C:\Users\All Users\Documents\tencent
[x] Not Deleted : C:\Users\Public\Documents\tencent

I see these were not deleted. Please re-run AdwCleaner and let it delete everything it finds.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Attached File  fixlist.txt   6.37KB   3 downloads

 

 


Edited by fireman4it, 24 November 2014 - 12:27 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 aliciaswr

aliciaswr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:03 PM

Posted 24 November 2014 - 12:50 AM

As requested. Here's the new AdwCleaner log:


# AdwCleaner v4.102 - Report created 24/11/2014 at 13:45:58
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aliciaswr - NALIC3
# Running from : C:\Users\aliciaswr\Desktop\avsw\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\tencent
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\aliciaswr\AppData\Local\tencent
Folder Deleted : C:\Users\aliciaswr\AppData\LocalLow\tencent
Folder Deleted : C:\Users\aliciaswr\AppData\Roaming\baidu
Folder Deleted : C:\Users\aliciaswr\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\aliciaswr\AppData\Roaming\tencent
Folder Deleted : C:\Users\All Users\Documents\tencent

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Tencent

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R1].txt - [4678 octets] - [09/11/2014 16:25:47]
AdwCleaner[R2].txt - [1886 octets] - [11/11/2014 07:16:28]
AdwCleaner[R3].txt - [2255 octets] - [24/11/2014 11:46:10]
AdwCleaner[R4].txt - [1971 octets] - [24/11/2014 13:43:36]
AdwCleaner[S1].txt - [4780 octets] - [09/11/2014 16:31:19]
AdwCleaner[S2].txt - [1856 octets] - [11/11/2014 07:22:49]
AdwCleaner[S3].txt - [2286 octets] - [24/11/2014 11:49:24]
AdwCleaner[S4].txt - [1734 octets] - [24/11/2014 13:45:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1794 octets] ##########
 

 

 

Do I still need to run Farbar Recovery Scan Tool, since I've run it earlier?



#8 aliciaswr


Posted 24 November 2014 - 01:10 AM

Well, I'll just re-run Farbar.  Here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by aliciaswr (administrator) on NALIC3 on 24-11-2014 14:08:59
Running from C:\Users\aliciaswr\Desktop\avsw
Loaded Profile: aliciaswr (Available profiles: aliciaswr & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc_nvo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-01] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] ()
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\MountPoints2: {d883c428-d2a7-11e0-bd88-c89cdc28a8aa} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
ShellIconOverlayIdentifiers: [        CloudBoxOverlay2Error] -> {24E14F82-4372-4e68-A408-B3F68EA4DA78} =>  No File
ShellIconOverlayIdentifiers: [!IconOverlay_Conflict] -> {486C8576-C2C5-42AD-87C6-5E9681633935} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_ForbidSync] -> {683617F1-0DD4-4B24-B87F-73CE23B8440C} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_LargeFile] -> {6B3CB227-0A30-418E-A673-FF1F142D9327} =>  No File
ShellIconOverlayIdentifiers: [!IconOverlay_Synced] -> {B2AF7140-40A1-449E-82B9-2C0876C97AF4} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_Syncing] -> {F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [115ErrorOverlayIcon] -> {361F6990-0582-4B1B-88D1-294640A2AB65} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115ProcessOverlayIcon] -> {52F2EEDF-65F7-4685-8C30-10F56E1080E6} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115SucceedOverlayIcon] -> {E6DDA755-8C6C-4D06-8765-FEA0DC7F2660} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(69).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V237.dll (Funshion)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\KuaiZip\KZipShell.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> DefaultScope {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.16.4670.dll (深圳市迅雷网络技术有限公司)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QQÏÂÔØÖúÊÖä¯ÀÀÆ÷¿Ø¼þ -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\QQIEHelper01.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default
FF Homepage: yahoo.com
FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @115.com/CheckPluginEx -> C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files\风云影音\BaiduPlayer\npxbdyy.dll No File
FF Plugin-x32: @baidu.com/UploadPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll No File
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\aliciaswr\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll No File
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files\风云影音\qvod\npQvodInsert.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: zettamedia.co.kr/ZmLauncher -> C:\Users\aliciaswr\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll (Zettamedia Co.,Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: DownloadHelper - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-17]
FF Extension: Translate This! - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-11-19]
FF Extension: Unblock Youku - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2014-11-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-11-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-27]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi [2014-11-17]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi

Chrome:
=======
CHR Profile: C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (优酷一键通Sotapit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alddjbjplgobbllfolehibiclbhmomla [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23]
CHR Extension: (YouTube) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google Search) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Sheets) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (XKit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-23]
CHR Extension: (Avast Online Security) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-23]
CHR Extension: (RealDownloader) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Unblock Youku) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-10-23]
CHR Extension: (Gmail) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-23] (Avast Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4071928 2011-09-16] (INCA Internet Co., Ltd.) [File not signed]
R2 NVSvc; C:\Windows\system32\nvvsvc.exe [1002904 2011-03-09] (NVIDIA Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDDUpdate; C:\Users\aliciaswr\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2012-12-26] (SNDA)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174208 2013-12-06] (ShenZhen Xunlei Networking Technologies,LTD)
S2 WindowsOptimizer_P2; C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe [X]
S2 WindowsVNT_R3; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2011-11-22] (Digiarty Software, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-05] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-11] ()
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [93992 2011-04-15] (KuaiZip International Inc)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0053.sys [28768 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN-JP; C:\Windows\System32\DRIVERS\Neo_0117.sys [28768 2014-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-23] (Avast Software)
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-09] ()
U2 TMAgent; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:00 - 2014-11-24 14:02 - 11142688 _____ () C:\Users\aliciaswr\Desktop\BaiduYunGuanjia_5.0.1.exe
2014-11-24 13:59 - 2014-11-24 13:59 - 01569856 _____ (NCH Software) C:\Users\aliciaswr\Desktop\debutsetup.exe
2014-11-24 13:58 - 2014-11-24 13:58 - 58687672 _____ (Tencent) C:\Users\aliciaswr\Desktop\QQ6.6.exe
2014-11-24 13:53 - 2014-11-24 13:53 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Tencent
2014-11-24 11:53 - 2014-11-24 14:09 - 00000000 ____D () C:\FRST
2014-11-24 01:06 - 2014-11-24 01:06 - 00000000 ____D () C:\ProgramData\urls
2014-11-22 22:41 - 2014-11-22 22:44 - 00000000 ____D () C:\Users\aliciaswr\Documents\SubtitleWorkshop_6.0b_131121_portable
2014-11-21 20:07 - 2014-11-21 20:07 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NIJI
2014-11-21 19:56 - 2014-11-21 19:56 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0053.sys
2014-11-21 19:49 - 2014-11-21 19:49 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0105.sys
2014-11-21 19:46 - 2014-11-21 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2014-11-19 11:04 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:04 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\aliciaswr\Documents\vobm252eng
2014-11-18 18:44 - 2014-11-18 18:44 - 00000366 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-11-18 18:43 - 2014-11-18 18:43 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\DriverToolkit
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\InstallShield
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-11-18 18:28 - 2010-08-11 11:35 - 00014051 _____ () C:\Windows\SysWOW64\RaCoInst.dat
2014-11-18 14:36 - 2014-11-18 14:36 - 00000000 ____D () C:\Program Files\Reason
2014-11-18 13:04 - 2014-11-24 13:48 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-18 13:04 - 2014-11-24 13:48 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-17 14:23 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\Optimizer
2014-11-17 13:28 - 2014-11-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 15:39 - 2014-11-24 13:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 15:39 - 2014-11-15 16:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 15:37 - 2014-11-15 15:37 - 00000000 __SHD () C:\Users\aliciaswr\AppData\Local\EmieBrowserModeList
2014-11-13 14:50 - 2014-11-13 15:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Kunlun
2014-11-13 14:50 - 2014-11-13 14:50 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\KunlunInput
2014-11-13 14:35 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 14:35 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 14:35 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 14:35 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 14:35 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 14:35 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 14:35 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 14:35 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 14:35 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 14:35 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 14:35 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 14:35 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 14:35 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 14:35 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 14:35 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 14:35 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 14:35 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 14:31 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 14:31 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 14:31 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 14:31 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 14:31 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 14:31 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 14:31 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 14:31 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 14:31 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 14:31 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 14:30 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 14:30 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 14:30 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 14:30 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 14:30 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 14:29 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 14:29 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 14:29 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 14:29 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 14:28 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 14:28 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 14:28 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 14:28 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 12:48 - 2014-11-13 12:48 - 00327896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wucltui.dll
2014-11-13 12:30 - 2014-11-13 12:30 - 00000000 ____D () C:\Windows\CheckSur
2014-11-13 11:33 - 2014-11-13 11:33 - 00120288 _____ (Microsoft Corporation) C:\Windows\system32\wuweb.dll
2014-11-13 11:32 - 2014-11-13 11:32 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\initpki.dll
2014-11-13 11:31 - 2014-11-13 11:31 - 00118552 _____ (Microsoft Corporation) C:\Windows\system32\wucltui.dll
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-12 15:00 - 2014-11-12 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-11-11 14:43 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-11 14:43 - 2014-11-11 14:43 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-11 14:28 - 2014-11-11 14:29 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-11-11 07:47 - 2014-11-24 14:08 - 00000000 ____D () C:\Users\aliciaswr\Desktop\avsw
2014-11-11 07:17 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 16:32 - 2014-11-24 13:47 - 00284088 _____ () C:\Windows\PFRO.log
2014-11-09 16:25 - 2014-11-24 13:46 - 00000000 ____D () C:\AdwCleaner
2014-11-07 19:22 - 2014-11-24 13:48 - 00003584 _____ () C:\Windows\setupact.log
2014-11-07 19:22 - 2014-11-07 19:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 15:41 - 2014-11-18 13:22 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Mozilla
2014-11-07 15:41 - 2014-11-18 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 15:41 - 2014-11-07 15:41 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 15:41 - 2014-11-07 15:41 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mozilla
2014-11-06 16:54 - 2014-11-06 16:54 - 00000000 ____D () C:\Users\aliciaswr\Documents\FormatFactory
2014-11-05 18:28 - 2014-11-15 16:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-05 18:28 - 2014-11-15 16:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 12:57 - 2014-11-01 12:57 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-57-06.042-AvastVBoxSVC.exe-3996.log
2014-11-01 12:50 - 2014-11-01 12:50 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-50-17.020-AvastVBoxSVC.exe-488.log
2014-11-01 12:40 - 2014-11-01 12:41 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-40-44.039-AvastVBoxSVC.exe-6024.log
2014-11-01 12:21 - 2014-11-01 12:21 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-21-15.005-AvastVBoxSVC.exe-4028.log
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\JAM Software
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-10-31 14:18 - 2014-10-31 14:18 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-10-31 14:12 - 2014-11-17 16:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 13:29 - 2014-10-29 13:29 - 00000197 _____ () C:\Windows\system32\2014-10-29-05-29-36.067-AvastVBoxSVC.exe-4004.log
2014-10-28 11:50 - 2014-10-28 11:51 - 00000197 _____ () C:\Windows\system32\2014-10-28-03-50-57.006-AvastVBoxSVC.exe-3848.log
2014-10-26 13:44 - 2014-10-26 13:45 - 00000197 _____ () C:\Windows\system32\2014-10-26-05-44-34.088-AvastVBoxSVC.exe-3132.log
2014-10-25 13:51 - 2014-10-25 13:51 - 00000197 _____ () C:\Windows\system32\2014-10-25-05-51-05.079-AvastVBoxSVC.exe-3248.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 13:56 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:56 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:54 - 2011-08-07 14:15 - 00047056 _____ () C:\Users\aliciaswr\Desktop\メモ.txt
2014-11-24 13:48 - 2014-08-17 02:00 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Adobe
2014-11-24 13:48 - 2014-02-06 18:52 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-11-24 13:48 - 2014-01-30 10:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 13:48 - 2011-06-03 22:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-24 13:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 13:46 - 2012-05-16 06:07 - 01244633 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 13:10 - 2014-01-30 10:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 12:48 - 2014-03-06 03:39 - 00000000 ____D () C:\Users\aliciaswr\Documents\Tencent Files
2014-11-24 11:41 - 2013-08-07 17:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-23 23:26 - 2014-02-06 20:13 - 00029906 _____ () C:\Users\aliciaswr\Desktop\SZ_TVradio.txt
2014-11-23 23:15 - 2011-08-07 14:53 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\vlc
2014-11-23 21:31 - 2012-11-14 20:18 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ArtWorks
2014-11-23 19:28 - 2011-08-07 14:15 - 00069378 _____ () C:\Users\aliciaswr\Desktop\Jchannel.xlsx
2014-11-23 13:48 - 2009-07-14 13:13 - 00837166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 13:34 - 2014-01-07 11:49 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Kikuchi Tsunetoshi
2014-11-23 00:43 - 2012-02-11 09:23 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Skype
2014-11-22 21:47 - 2011-03-24 15:44 - 00000000 ____D () C:\ProgramData\Skype
2014-11-22 14:44 - 2011-08-07 14:34 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Audio
2014-11-22 11:38 - 2011-09-27 21:54 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 20:48 - 2013-12-30 15:02 - 00000000 ____D () C:\Program Files (x86)\niji
2014-11-21 19:46 - 2014-02-06 18:52 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2014-11-21 19:46 - 2014-02-06 18:52 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2014-11-21 19:39 - 2011-08-07 14:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-21 02:01 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\CrashDumps
2014-11-20 22:53 - 2013-06-13 12:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\BaiduYunGuanjia
2014-11-20 12:49 - 2011-08-12 22:42 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mp3tag
2014-11-19 14:09 - 2013-12-30 18:07 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\FumaKen
2014-11-18 20:57 - 2012-01-05 03:21 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-18 18:29 - 2011-06-03 22:12 - 00006737 _____ () C:\Windows\system32\RaCoInst.log
2014-11-18 18:28 - 2011-03-24 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 18:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 17:56 - 2012-10-09 09:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-11-18 17:56 - 2012-06-16 10:56 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Alexander_Nikiforov
2014-11-18 17:56 - 2012-03-11 06:16 - 00000000 ____D () C:\ProgramData\PWD
2014-11-18 17:56 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-11-18 17:55 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr
2014-11-16 03:05 - 2014-01-30 10:17 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:05 - 2014-01-30 10:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 15:40 - 2014-09-24 19:16 - 00000666 _____ () C:\Users\aliciaswr\.swfinfo
2014-11-15 12:44 - 2014-02-05 16:29 - 00000000 ____D () C:\Users\aliciaswr\Documents\rtmpdumphelper
2014-11-13 17:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:41 - 2009-07-14 12:45 - 13655376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 14:39 - 2014-05-07 18:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 12:27 - 2014-03-05 17:40 - 00000000 ____D () C:\Windows\pss
2014-11-13 01:09 - 2011-08-07 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 01:08 - 2013-08-15 02:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:01 - 2011-08-14 09:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 01:01 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-11-12 15:00 - 2011-08-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-11-11 14:27 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\VirtualStore
2014-11-11 07:45 - 2013-11-08 15:09 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-11 07:44 - 2013-11-08 15:07 - 00000692 _____ () C:\Windows\system32\.crusader
2014-11-10 04:56 - 2011-08-07 16:48 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\uTorrent
2014-11-08 00:16 - 2012-12-24 19:46 - 00001976 _____ () C:\Windows\wininit.ini
2014-11-07 15:17 - 2011-08-07 14:09 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ALIC3
2014-11-05 16:03 - 2014-06-08 20:07 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-11-05 16:03 - 2014-06-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 12:37 - 2011-09-27 21:54 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-01 12:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-27 22:12 - 2012-06-29 16:34 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Audacity

Some content of TEMP:
====================
C:\Users\aliciaswr\AppData\Local\Temp\qqsafeud.exe
C:\Users\aliciaswr\AppData\Local\Temp\Quarantine.exe
C:\Users\aliciaswr\AppData\Local\Temp\sqlite3.dll
C:\Users\aliciaswr\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 01:41

==================== End Of Log ============================



#9 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts

Posted 24 November 2014 - 01:23 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File: fixlist.txt (6.37KB, 1 downloads)

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 aliciaswr

  • Topic Starter

  • Members
  • 11 posts

Posted 24 November 2014 - 01:27 AM

As requested, here's the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by aliciaswr at 2014-11-24 14:25:53 Run:1
Running from C:\Users\aliciaswr\Desktop\avsw
Loaded Profile: aliciaswr (Available profiles: aliciaswr & fbwuser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [        CloudBoxOverlay2Error] -> {24E14F82-4372-4e68-A408-B3F68EA4DA78} =>  No File
ShellIconOverlayIdentifiers: [!IconOverlay_LargeFile] -> {6B3CB227-0A30-418E-A673-FF1F142D9327} =>  No File
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.16.4670.dll (深圳市迅雷网络技术有限公司)
C:\Program Files (x86)\Thunder Network
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: QQÏÂÔØÖúÊÖä¯ÀÀÆ÷¿Ø¼þ -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
C:\Program Files (x86)\Common Files\Tencent
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files\风云影音\BaiduPlayer\npxbdyy.dll No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\aliciaswr\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files\风云影音\qvod\npQvodInsert.dll No File
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-11-17]
S2 WindowsOptimizer_P2; C:\Program Files (x86)\Windows Optimizer\P2\optimizer.exe [X]
S2 WindowsVNT_R3; No ImagePath
U2 TMAgent; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2014-11-17 14:23 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\Optimizer
C:\Users\aliciaswr\AppData\Local\Temp\qqsafeud.exe
C:\Users\aliciaswr\AppData\Local\Temp\Quarantine.exe
C:\Users\aliciaswr\AppData\Local\Temp\sqlite3.dll
C:\Users\aliciaswr\AppData\Local\Temp\vlc-2.1.5-win32.exe
AlternateDataStreams: C:\ProgramData\Temp:0888F409
AlternateDataStreams: C:\ProgramData\Temp:3440EB47
AlternateDataStreams: C:\ProgramData\Temp:66633281
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\        CloudBoxOverlay2Error" => Key deleted successfully.
"HKCR\CLSID\{24E14F82-4372-4e68-A408-B3F68EA4DA78}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!IconOverlay_LargeFile" => Key deleted successfully.
"HKCR\CLSID\{6B3CB227-0A30-418E-A673-FF1F142D9327}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
"HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
C:\Program Files (x86)\Thunder Network => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Tencent" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@qvod.com/QvodShare" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npxbdyy" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@funshion.com/npFunshion" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQMiniDLPlugin" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx" => Key deleted successfully.
C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic" => Key deleted successfully.
C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodInsert" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1" => Key deleted successfully.
C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1" => Key deleted successfully.
C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@xunlei.com/npxluser" => Key deleted successfully.
"HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\Software\MozillaPlugins\@xunlei.com/npxluser" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com => Moved successfully.
WindowsOptimizer_P2 => Service deleted successfully.
WindowsVNT_R3 => Service deleted successfully.
TMAgent => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\Users\aliciaswr\AppData\Local\Temp\qqsafeud.exe => Moved successfully.
C:\Users\aliciaswr\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\aliciaswr\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\aliciaswr\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
C:\ProgramData\Temp => ":0888F409" ADS removed successfully.
C:\ProgramData\Temp => ":3440EB47" ADS removed successfully.
C:\ProgramData\Temp => ":66633281" ADS removed successfully.

==== End of Fixlog ====



#11 fireman4it

  • Malware Response Team

Posted 24 November 2014 - 01:31 AM

Please run FRST as you did the first time you ran it and post the new FRST.txt. How is the machine running now?




#12 aliciaswr


Posted 24 November 2014 - 01:36 AM

The machine is doing well, there have been no fake popups so far.

Here's the new FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by aliciaswr (administrator) on NALIC3 on 24-11-2014 14:34:36
Running from C:\Users\aliciaswr\Desktop\avsw
Loaded Profile: aliciaswr (Available profiles: aliciaswr & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc_nvo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-01] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] ()
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\...\MountPoints2: {d883c428-d2a7-11e0-bd88-c89cdc28a8aa} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
ShellIconOverlayIdentifiers: [!IconOverlay_Conflict] -> {486C8576-C2C5-42AD-87C6-5E9681633935} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_ForbidSync] -> {683617F1-0DD4-4B24-B87F-73CE23B8440C} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_Synced] -> {B2AF7140-40A1-449E-82B9-2C0876C97AF4} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [!IconOverlay_Syncing] -> {F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} => C:\Users\aliciaswr\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [115ErrorOverlayIcon] -> {361F6990-0582-4B1B-88D1-294640A2AB65} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115ProcessOverlayIcon] -> {52F2EEDF-65F7-4685-8C30-10F56E1080E6} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [115SucceedOverlayIcon] -> {E6DDA755-8C6C-4D06-8765-FEA0DC7F2660} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(69).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V237.dll (Funshion)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\KuaiZip\KZipShell.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3077078221-4219268691-1026116933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> DefaultScope {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3077078221-4219268691-1026116933-1001 -> {88A5DA86-30CE-4EA4-B0D5-E4F892E7CD21} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default
FF Homepage: yahoo.com
FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @115.com/CheckPluginEx -> C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @baidu.com/UploadPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll No File
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\aliciaswr\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3077078221-4219268691-1026116933-1001: zettamedia.co.kr/ZmLauncher -> C:\Users\aliciaswr\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll (Zettamedia Co.,Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: DownloadHelper - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-17]
FF Extension: Translate This! - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-11-19]
FF Extension: Unblock Youku - C:\Users\aliciaswr\AppData\Roaming\Mozilla\Firefox\Profiles\taxqrwy2.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-27]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi [2014-11-17]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi

Chrome:
=======
CHR Profile: C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (优酷一键通Sotapit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alddjbjplgobbllfolehibiclbhmomla [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23]
CHR Extension: (YouTube) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google Search) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Sheets) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (XKit) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-23]
CHR Extension: (Avast Online Security) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-23]
CHR Extension: (RealDownloader) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Unblock Youku) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-10-23]
CHR Extension: (Gmail) - C:\Users\aliciaswr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-23] (Avast Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4071928 2011-09-16] (INCA Internet Co., Ltd.) [File not signed]
R2 NVSvc; C:\Windows\system32\nvvsvc.exe [1002904 2011-03-09] (NVIDIA Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDDUpdate; C:\Users\aliciaswr\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2012-12-26] (SNDA)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174208 2013-12-06] (ShenZhen Xunlei Networking Technologies,LTD)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2011-11-22] (Digiarty Software, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-05] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-11] ()
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [93992 2011-04-15] (KuaiZip International Inc)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0053.sys [28768 2014-11-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN-JP; C:\Windows\System32\DRIVERS\Neo_0117.sys [28768 2014-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-23] (Avast Software)
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-09] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:29 - 2014-11-24 14:32 - 31789512 _____ (深圳市迅雷网络技术有限公司) C:\Users\aliciaswr\Desktop\Thunder_dl_7.9.29.4852.1415848356.exe
2014-11-24 14:00 - 2014-11-24 14:02 - 11142688 _____ () C:\Users\aliciaswr\Desktop\BaiduYunGuanjia_5.0.1.exe
2014-11-24 13:59 - 2014-11-24 13:59 - 01569856 _____ (NCH Software) C:\Users\aliciaswr\Desktop\debutsetup.exe
2014-11-24 13:58 - 2014-11-24 13:58 - 58687672 _____ (Tencent) C:\Users\aliciaswr\Desktop\QQ6.6.exe
2014-11-24 13:53 - 2014-11-24 13:53 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Tencent
2014-11-24 11:53 - 2014-11-24 14:34 - 00000000 ____D () C:\FRST
2014-11-24 01:06 - 2014-11-24 01:06 - 00000000 ____D () C:\ProgramData\urls
2014-11-22 22:41 - 2014-11-22 22:44 - 00000000 ____D () C:\Users\aliciaswr\Documents\SubtitleWorkshop_6.0b_131121_portable
2014-11-21 20:07 - 2014-11-21 20:07 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NIJI
2014-11-21 19:56 - 2014-11-21 19:56 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0053.sys
2014-11-21 19:49 - 2014-11-21 19:49 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0105.sys
2014-11-21 19:46 - 2014-11-21 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2014-11-19 11:04 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:04 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:04 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\aliciaswr\Documents\vobm252eng
2014-11-18 18:44 - 2014-11-18 18:44 - 00000366 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-11-18 18:43 - 2014-11-18 18:43 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\DriverToolkit
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\InstallShield
2014-11-18 18:28 - 2014-11-18 18:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-11-18 18:28 - 2010-08-11 11:35 - 00014051 _____ () C:\Windows\SysWOW64\RaCoInst.dat
2014-11-18 14:36 - 2014-11-18 14:36 - 00000000 ____D () C:\Program Files\Reason
2014-11-18 13:04 - 2014-11-24 13:48 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-18 13:04 - 2014-11-24 13:48 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3077078221-4219268691-1026116933-1001
2014-11-17 13:28 - 2014-11-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 15:39 - 2014-11-24 14:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 15:39 - 2014-11-15 16:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 15:37 - 2014-11-15 15:37 - 00000000 __SHD () C:\Users\aliciaswr\AppData\Local\EmieBrowserModeList
2014-11-13 14:50 - 2014-11-13 15:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Kunlun
2014-11-13 14:50 - 2014-11-13 14:50 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\KunlunInput
2014-11-13 14:35 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 14:35 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 14:35 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 14:35 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 14:35 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 14:35 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 14:35 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 14:35 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 14:35 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 14:35 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 14:35 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 14:35 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 14:35 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 14:35 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 14:35 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 14:35 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 14:35 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 14:35 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 14:35 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 14:35 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 14:35 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 14:35 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 14:35 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 14:35 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 14:35 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 14:35 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 14:35 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 14:35 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 14:35 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 14:35 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 14:35 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 14:35 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 14:35 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 14:35 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 14:31 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 14:31 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 14:31 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 14:31 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 14:31 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 14:31 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 14:31 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 14:31 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 14:31 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 14:31 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 14:31 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 14:30 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 14:30 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 14:30 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 14:30 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 14:30 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 14:30 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 14:30 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 14:30 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 14:29 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 14:29 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 14:29 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 14:29 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 14:29 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 14:28 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 14:28 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 14:28 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 14:28 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 12:48 - 2014-11-13 12:48 - 00327896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wucltui.dll
2014-11-13 12:30 - 2014-11-13 12:30 - 00000000 ____D () C:\Windows\CheckSur
2014-11-13 11:33 - 2014-11-13 11:33 - 00120288 _____ (Microsoft Corporation) C:\Windows\system32\wuweb.dll
2014-11-13 11:32 - 2014-11-13 11:32 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\initpki.dll
2014-11-13 11:31 - 2014-11-13 11:31 - 00118552 _____ (Microsoft Corporation) C:\Windows\system32\wucltui.dll
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-11-12 21:30 - 2014-11-12 21:30 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-12 15:00 - 2014-11-12 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-11-11 14:43 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-11 14:43 - 2014-11-11 14:43 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-11 14:28 - 2014-11-11 14:29 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-11-11 07:47 - 2014-11-24 14:34 - 00000000 ____D () C:\Users\aliciaswr\Desktop\avsw
2014-11-11 07:17 - 2014-11-18 17:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 16:32 - 2014-11-24 13:47 - 00284088 _____ () C:\Windows\PFRO.log
2014-11-09 16:25 - 2014-11-24 13:46 - 00000000 ____D () C:\AdwCleaner
2014-11-07 19:22 - 2014-11-24 13:48 - 00003584 _____ () C:\Windows\setupact.log
2014-11-07 19:22 - 2014-11-07 19:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 15:41 - 2014-11-18 13:22 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Mozilla
2014-11-07 15:41 - 2014-11-18 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 15:41 - 2014-11-07 15:41 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 15:41 - 2014-11-07 15:41 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mozilla
2014-11-06 16:54 - 2014-11-06 16:54 - 00000000 ____D () C:\Users\aliciaswr\Documents\FormatFactory
2014-11-05 18:28 - 2014-11-15 16:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-05 18:28 - 2014-11-15 16:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 12:57 - 2014-11-01 12:57 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-57-06.042-AvastVBoxSVC.exe-3996.log
2014-11-01 12:50 - 2014-11-01 12:50 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-50-17.020-AvastVBoxSVC.exe-488.log
2014-11-01 12:40 - 2014-11-01 12:41 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-40-44.039-AvastVBoxSVC.exe-6024.log
2014-11-01 12:21 - 2014-11-01 12:21 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-21-15.005-AvastVBoxSVC.exe-4028.log
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\JAM Software
2014-10-31 14:19 - 2014-10-31 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-10-31 14:18 - 2014-10-31 14:18 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-10-31 14:12 - 2014-11-17 16:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 14:11 - 2014-10-31 14:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 14:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 14:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 13:29 - 2014-10-29 13:29 - 00000197 _____ () C:\Windows\system32\2014-10-29-05-29-36.067-AvastVBoxSVC.exe-4004.log
2014-10-28 11:50 - 2014-10-28 11:51 - 00000197 _____ () C:\Windows\system32\2014-10-28-03-50-57.006-AvastVBoxSVC.exe-3848.log
2014-10-26 13:44 - 2014-10-26 13:45 - 00000197 _____ () C:\Windows\system32\2014-10-26-05-44-34.088-AvastVBoxSVC.exe-3132.log
2014-10-25 13:51 - 2014-10-25 13:51 - 00000197 _____ () C:\Windows\system32\2014-10-25-05-51-05.079-AvastVBoxSVC.exe-3248.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:26 - 2014-03-21 18:26 - 00000000 ____D () C:\Program Files (x86)\QQMailPlugin
2014-11-24 14:25 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\CrashDumps
2014-11-24 14:10 - 2014-01-30 10:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 13:56 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:56 - 2009-07-14 12:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:54 - 2011-08-07 14:15 - 00047056 _____ () C:\Users\aliciaswr\Desktop\メモ.txt
2014-11-24 13:53 - 2012-05-16 06:07 - 01244633 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 13:48 - 2014-08-17 02:00 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Adobe
2014-11-24 13:48 - 2014-02-06 18:52 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-11-24 13:48 - 2014-01-30 10:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 13:48 - 2011-06-03 22:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-24 13:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 12:48 - 2014-03-06 03:39 - 00000000 ____D () C:\Users\aliciaswr\Documents\Tencent Files
2014-11-24 11:41 - 2013-08-07 17:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-23 23:26 - 2014-02-06 20:13 - 00029906 _____ () C:\Users\aliciaswr\Desktop\SZ_TVradio.txt
2014-11-23 23:15 - 2011-08-07 14:53 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\vlc
2014-11-23 21:31 - 2012-11-14 20:18 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ArtWorks
2014-11-23 19:28 - 2011-08-07 14:15 - 00069378 _____ () C:\Users\aliciaswr\Desktop\Jchannel.xlsx
2014-11-23 13:48 - 2009-07-14 13:13 - 00837166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 13:34 - 2014-01-07 11:49 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Kikuchi Tsunetoshi
2014-11-23 00:43 - 2012-02-11 09:23 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Skype
2014-11-22 21:47 - 2011-03-24 15:44 - 00000000 ____D () C:\ProgramData\Skype
2014-11-22 14:44 - 2011-08-07 14:34 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\Audio
2014-11-22 11:38 - 2011-09-27 21:54 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 20:48 - 2013-12-30 15:02 - 00000000 ____D () C:\Program Files (x86)\niji
2014-11-21 19:46 - 2014-02-06 18:52 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2014-11-21 19:46 - 2014-02-06 18:52 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2014-11-21 19:39 - 2011-08-07 14:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 22:53 - 2013-06-13 12:30 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\BaiduYunGuanjia
2014-11-20 12:49 - 2011-08-12 22:42 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Mp3tag
2014-11-19 14:09 - 2013-12-30 18:07 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\FumaKen
2014-11-18 20:57 - 2012-01-05 03:21 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-18 18:29 - 2011-06-03 22:12 - 00006737 _____ () C:\Windows\system32\RaCoInst.log
2014-11-18 18:28 - 2011-03-24 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 18:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 17:56 - 2012-10-09 09:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-11-18 17:56 - 2012-06-16 10:56 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\Alexander_Nikiforov
2014-11-18 17:56 - 2012-03-11 06:16 - 00000000 ____D () C:\ProgramData\PWD
2014-11-18 17:56 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-11-18 17:55 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr
2014-11-16 03:05 - 2014-01-30 10:17 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:05 - 2014-01-30 10:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 15:40 - 2014-09-24 19:16 - 00000666 _____ () C:\Users\aliciaswr\.swfinfo
2014-11-15 12:44 - 2014-02-05 16:29 - 00000000 ____D () C:\Users\aliciaswr\Documents\rtmpdumphelper
2014-11-13 17:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:41 - 2009-07-14 12:45 - 13655376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 14:39 - 2014-05-07 18:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 12:27 - 2014-03-05 17:40 - 00000000 ____D () C:\Windows\pss
2014-11-13 01:09 - 2011-08-07 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 01:08 - 2013-08-15 02:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:01 - 2011-08-14 09:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 01:01 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-11-12 15:00 - 2011-08-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-11-11 14:27 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\aliciaswr\AppData\Local\VirtualStore
2014-11-11 07:45 - 2013-11-08 15:09 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-11 07:44 - 2013-11-08 15:07 - 00000692 _____ () C:\Windows\system32\.crusader
2014-11-10 04:56 - 2011-08-07 16:48 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\uTorrent
2014-11-08 00:16 - 2012-12-24 19:46 - 00001976 _____ () C:\Windows\wininit.ini
2014-11-07 15:17 - 2011-08-07 14:09 - 00000000 ___RD () C:\Users\aliciaswr\Desktop\ALIC3
2014-11-05 16:03 - 2014-06-08 20:07 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-11-05 16:03 - 2014-06-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-11-04 14:30 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 12:37 - 2011-09-27 21:54 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-01 12:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-27 22:12 - 2012-06-29 16:34 - 00000000 ____D () C:\Users\aliciaswr\AppData\Roaming\Audacity

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 01:41

==================== End Of Log ============================



#13 fireman4it


Posted 24 November 2014 - 01:47 AM

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 aliciaswr


Posted 24 November 2014 - 04:15 AM

As requested, you can find the report of Emsisoft Emergency Kit scan attached.


#15 fireman4it


Posted 24 November 2014 - 12:12 PM

How is your machine running now?






