Dear Kevin,

I have proceeded with the steps. AdwCleaner seems to have found fewer items upon the second scan but nonetheless, I went ahead with it and removed those items. The logs are as follows. What should I do from here?

Thank you for your help.

_____________________________________________

# AdwCleaner v3.010 - Report created 29/01/2014 at 01:23:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joon Kiat - JOONKIAT-PC
# Running from : C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1711 octets] - [28/01/2014 18:42:54]
AdwCleaner[R1].txt - [1325 octets] - [29/01/2014 01:17:28]
AdwCleaner[R2].txt - [1385 octets] - [29/01/2014 01:18:01]
AdwCleaner[R3].txt - [1445 octets] - [29/01/2014 01:20:02]
AdwCleaner[s0].txt - [1329 octets] - [29/01/2014 01:23:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1389 octets] ##########

________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joon Kiat on 29/01/2014 Wed at 1:39:49.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1795884077-2746576003-4273307639-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho759D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho85A2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD5F5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF47D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF5FF.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{256562D3-EA6D-4D7E-ABDC-F62702E6BF3D}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{4A49FE04-425D-4A8B-99B2-A1352E43B0A8}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{616623D6-31EB-45D2-8326-53B761D24C97}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{7DD21454-997B-46A5-8619-074AB21982EC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{8EB92DDE-897F-4B59-B1FB-2714B3FFCDA9}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C58791D2-BA5D-4147-8F1C-EF92CE6B1FFC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C749B263-6B2C-4F8B-95B5-4B807C300371}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{D4C4846A-418C-405E-958B-6872E95E7823}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{E82E398B-F735-48C2-A42B-3D31254888BD}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{EF43F0E6-6EDB-4112-9C38-5636C0DC02E5}

~~~ FireFox

Emptied folder: C:\Users\Joon Kiat\AppData\Roaming\mozilla\firefox\profiles\o608gk9v.default\minidumps [92 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 Wed at 1:46:17.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

___________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Joon Kiat (administrator) on JOONKIAT-PC on 29-01-2014 01:47:15
Running from C:\Users\Joon Kiat\Desktop\Logs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-03-29] (Lenovo)
HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2012-03-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2012-03-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-03-29] (Lenovo)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-26] ( )
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intelligent Touchpad] - C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-09] ()
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-29] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-28] (Valve Corporation)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3811544 2012-12-29] (Speedbit Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-24] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA
AppInit_DLLs: C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57EA3C2A7E1BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 137.132.0.254 137.132.0.252

FireFox:
========
FF ProfilePath: C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\trash [2014-01-27]
FF Extension: WOT - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-01]
FF Extension: Adblock Plus - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2012-12-29]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-10-05]
CHR Extension: (WOT) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-10-09]
CHR Extension: (YouTube) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (DAP Link Checker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh [2012-12-30]
CHR Extension: (Facebook) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-09-01]
CHR Extension: (Google+) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-10-05]
CHR Extension: (Google Calendar) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-09-01]
CHR Extension: (101 Smart Goals) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbjcponjocgnggkadollnheobeipihfo [2013-10-26]
CHR Extension: (AdBlock) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-01]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-09-12]
CHR Extension: (avast! Online Security) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-03]
CHR Extension: (Lone Tree) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-09-20]
CHR Extension: (Dropbox) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-03-31]
CHR Extension: (Google Maps) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-10-05]
CHR Extension: (DotA 2 Match Ticker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (My Chrome Theme) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-10-05]
CHR Extension: (Gmail) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-26] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1086752 2011-12-23] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-26] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-26] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-12-23] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-12-23] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-01] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt
2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db
2014-01-29 01:16 - 2014-01-29 01:19 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
2014-01-28 18:42 - 2014-01-29 01:23 - 00000000 ____D C:\AdwCleaner
2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software
2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2014-01-20 21:25 - 2014-01-29 01:34 - 00063029 _____ C:\FaceProv.log
2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView
2014-01-20 18:00 - 2014-01-21 22:55 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx
2014-01-18 22:14 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 22:14 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 22:14 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 22:14 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 22:13 - 2014-01-18 22:14 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:02 - 2014-01-28 20:24 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx
2014-01-15 11:22 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:22 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:22 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx
2014-01-13 00:53 - 2014-01-13 00:54 - 00004717 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-13 00:52 - 2014-01-18 22:14 - 00000000 ____D C:\ProgramData\Oracle
2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java
2014-01-08 18:12 - 2014-01-26 22:23 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader

==================== One Month Modified Files and Folders =======

2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:36 - 2012-03-29 08:57 - 01807169 _____ C:\Windows\WindowsUpdate.log
2014-01-29 01:35 - 2012-10-01 00:53 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job
2014-01-29 01:34 - 2014-01-20 21:25 - 00063029 _____ C:\FaceProv.log
2014-01-29 01:32 - 2013-03-17 22:56 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Dropbox
2014-01-29 01:32 - 2012-09-30 22:43 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Sheares Production
2014-01-29 01:31 - 2013-03-17 22:59 - 00000000 ___RD C:\Users\Joon Kiat\Dropbox
2014-01-29 01:30 - 2013-10-31 23:52 - 00000000 ___RD C:\Users\Joon Kiat\Google Drive
2014-01-29 01:30 - 2012-12-29 17:22 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\EQATEC Analytics
2014-01-29 01:30 - 2012-09-01 18:23
- 00000000 ____D C:\Program Files (x86)\Steam 2014-01-29 01:30 - 2012-09-01 17:55 - 00000000 ___RD C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-29 01:29 - 2012-03-29 09:40 - 00156056 _____ C:\Windows\system32\fastboot.set 2014-01-29 01:29 - 2012-03-29 09:39 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-29 01:29 - 2012-03-29 09:35 - 00000000 ____D C:\ProgramData\VeriFace 2014-01-29 01:28 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-29 01:28 - 2009-07-14 12:51 - 00075902 _____ C:\Windows\setupact.log 2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt 2014-01-29 01:23 - 2014-01-28 18:42 - 00000000 ____D C:\AdwCleaner 2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db 2014-01-29 01:21 - 2012-09-01 17:52 - 00000000 ____D C:\Users\Joon Kiat 2014-01-29 01:20 - 2012-03-29 09:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-29 01:19 - 2014-01-29 01:16 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe 2014-01-29 01:15 - 2013-12-27 14:12 - 00000000 ____D C:\Users\Joon Kiat\Desktop\New folder 2014-01-29 01:15 - 2013-05-15 16:33 - 00000000 ____D C:\Users\Joon Kiat\Desktop\CV_Resume 2014-01-29 01:14 - 2012-09-01 20:16 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\vlc 2014-01-29 01:13 - 2013-11-03 01:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-01-28 20:27 - 2013-11-02 22:17 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Literature 2014-01-28 20:27 - 2013-01-05 17:51 - 00000000 ____D C:\Users\Joon Kiat\Desktop\NUS 2014-01-28 20:24 - 2014-01-15 14:02 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx 2014-01-28 17:59 - 2010-11-21 11:47 - 01501108 _____ C:\Windows\PFRO.log 2014-01-28 16:35 - 2012-10-01 00:53 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job 2014-01-28 13:08 - 2013-10-13 12:42 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\CrashDumps 2014-01-26 22:24 - 2013-11-03 01:53 - 00002043 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-01-26 22:24 - 2013-11-03 01:53 - 00001983 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-01-26 22:23 - 2014-01-08 18:12 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-26 22:23 - 2013-11-03 01:52 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-26 22:23 - 2013-11-03 01:52 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-01-26 22:23 - 2013-11-03 01:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-26 22:23 - 2013-11-03 01:51 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-01-26 22:23 - 2013-11-03 01:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-26 22:23 - 2013-09-03 00:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-26 19:34 - 2012-09-01 17:17 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Mozilla 2014-01-26 15:05 - 2009-07-14 13:13 - 00795320 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-22 21:39 - 2012-09-01 17:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-22 21:39 - 2012-09-01 17:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-21 
22:55 - 2014-01-20 18:00 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx 2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software 2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE 2014-01-21 18:35 - 2012-10-12 20:58 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Foxit Software 2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView 2014-01-19 22:04 - 2009-07-14 12:45 - 00364888 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-19 20:28 - 2013-01-02 01:32 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Deployment 2014-01-19 20:28 - 2012-09-01 17:55 - 00076856 _____ C:\Users\Joon Kiat\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-19 16:12 - 2012-09-01 17:59 - 00000000 ____D C:\Users\Joon Kiat\Documents\Bluetooth Exchange Folder 2014-01-18 22:14 - 2014-01-18 22:13 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-18 22:14 - 2014-01-13 00:52 - 00000000 ____D C:\ProgramData\Oracle 2014-01-18 22:14 - 2013-09-03 02:31 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-18 13:46 - 2013-03-17 22:59 - 00001044 _____ C:\Users\Joon Kiat\Desktop\Dropbox.lnk 2014-01-18 13:46 - 2013-03-17 22:57 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-17 10:47 - 2012-03-29 09:39 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-17 01:13 - 2013-09-08 18:08 - 00000000 ____D C:\Program Files\Microsoft Office 15 2014-01-16 10:55 - 2013-08-16 09:07 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 10:52 - 2012-09-01 17:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx 2014-01-13 00:54 - 2014-01-13 00:53 - 00004717 _____ 
C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java 2014-01-08 18:12 - 2013-11-03 01:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys 2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\SysWOW64\NV 2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\system32\NV 2014-01-08 10:53 - 2012-03-29 09:06 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-06 20:38 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-06 20:37 - 2012-09-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-05 16:08 - 2013-09-08 14:00 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader Some content of TEMP: ==================== C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Joon 
Kiat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 14:01

==================== End Of Log ============================

______________________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by Joon Kiat at 2014-01-29 01:47:42
Running from C:\Users\Joon Kiat\Desktop\Logs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast!
Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.9.9 - Atheros Communications Inc.) Atheros WLAN Client Installation Program (x32 Version: 7.0 - Atheros) avast! Internet Security (x32 Version: 9.0.2013 - Avast Software) Burnout Paradise: The Ultimate Box (x32 Version: - Criterion Games) Canon LBP6000/LBP6018 (Version: - ) CloudReading (x32 Version: 1.1.47.1220 - Foxit Corporation) Counter-Strike (x32 Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Space (x32 Version: - EA Redwood Shores) Dota 2 (x32 Version: - ) Download Accelerator Plus (DAP) (x32 Version: - ) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Dual-Core Optimizer (x32 Version: 1.1.4.0169 - AMD) Energy Management (x32 Version: 7.0.3.2 - Lenovo) Energy Management (x32 Version: 7.0.3.2 - Lenovo) Hidden ERUNT 1.1j (x32 Version: - Lars Hederer) Foxit Reader (x32 Version: 6.1.2.1224 - Foxit Corporation) Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.) Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.) Google Talk Plugin (x32 Version: 4.9.1.16010 - Google) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden IBM SPSS Statistics 20 (x32 Version: 20.0.0.0 - IBM Corp) Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation) Intel® OpenCL CPU Runtime (x32 Version: - Intel Corporation) Intel® Processor Graphics (x32 Version: 8.15.10.2598 - Intel Corporation) Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation) Intelligent Touchpad (x32 Version: 1.00.0108 - Lenovo) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron Flash Media Controller Driver (x32 Version: 1.0.64.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Left 4 Dead 2 (x32 Version: - Valve) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.0.3500 - Broadcom Corporation) Lenovo EasyCamera (x32 Version: 6.1.7600.117 - Realtek Semiconductor Corp.) Lenovo EE Boot Optimizer (Version: 0.0.1.9 - Lenovo) Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (x32 Version: 7.0.0.3212 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) 
Hidden LockKey (x32 Version: 1.38.1.2 - Lenovo) LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Medal of Honor Single Player (x32 Version: - Electronic Arts) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Nsd (x32 Version: 1.0.1.7 - Lenovo) NUS (Unofficial) Timetable Builder (HKCU Version: 1.3.6.3 - NUS (Unofficial) Timetable Builder) NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 310.90 (Version: 310.90 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543 - Realtek Semiconductor Corp.) 
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (Version: 15.3.38.0 - Synaptics Incorporated) Team Fortress 2 (x32 Version: - Valve) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) UserGuide (x32 Version: 1.0.0.6 - Lenovo) UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden VeriFace (x32 Version: 4.0.1.1230 - Lenovo) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) Winamp (x32 Version: 5.63 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc) WinDjView 2.0.2 (Version: 2.0.2 - Andrew Zhezherun) Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1 - Lenovo) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows 
Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 
Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points =========================

18-01-2014 14:13:17 Installed Java 7 Update 51
22-01-2014 02:59:32 Windows Update
25-01-2014 03:02:25 Windows Update
26-01-2014 14:21:12 avast! antivirus system restore point
26-01-2014 14:24:11 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-01-05 09:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10B0848D-1C20-41AB-A3CB-3B957B38D942} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-26] (AVAST Software)
Task: {3908D0DB-E4F8-4A18-8249-D96600D7A865} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {7C886721-0BDA-4C69-902C-0E6E8087AC55} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A12B7C44-FDD5-4D15-B795-9C37BDD635AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {BA3E35D9-85BE-4C0B-AD81-F3B041C36D94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: {C5A66CC4-849E-4392-89A1-73EC14AA949A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {F9F8E670-385B-4C64-B5C7-9EB4B3DF5E7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-03 04:58 - 2011-06-03 04:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-03 04:59 - 2011-06-03 04:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-05 08:44 - 2012-03-29 09:40 - 01496920 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-01-05 11:47 - 2011-12-16 06:34 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 01:14 - 2014-01-29 00:44 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012801\algo.dll
2011-06-03
04:57 - 2011-06-03 04:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-03 04:58 - 2011-06-03 04:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-03-29 09:35 - 2012-03-29 09:35 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-11-03 01:51 - 2013-11-03 01:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-29 09:06 - 2011-12-24 23:19 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-08 09:57 - 2013-12-13 06:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 09:57 - 2013-11-05 09:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-01-11 07:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-01 20:56 - 2014-01-28 03:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-01 20:56 - 2014-01-11 07:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-12-29 17:22 - 2012-12-29 17:22 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00098816 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00110080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00364544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00044032 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01153024 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00320512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00711680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01175040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00805888 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00811008 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01062400 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00735232 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00128512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00127488 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00557056 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00087040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00119808 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00108544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00018432 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00038912 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00122368 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00026624 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00070656 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00010240 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00686080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00025600 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00521680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00011264 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00024064 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00035840 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00017408 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00022528 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd
2013-08-16 19:31 - 2013-08-16 19:31 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5dcd22545c6da7fd288acb6816d7b2ec\IsdiInterop.ni.dll
2012-03-29 09:12 - 2011-11-30 11:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-29 09:13 - 2011-12-17 01:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 12:25 - 2013-11-15 13:01 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-01-28 21:26:19.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:26:19.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:21:26.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:21:26.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:20:36.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:20:35.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 19:00:41.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 19:00:41.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 18:59:59.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 18:59:59.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8094.36 MB
Available physical RAM: 5451.89 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 13232.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:388.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 8C2DE9D8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)

==================== End Of Log ============================