Posts posted by silent_orchestra91
-
Dear Kevin,
Sorry for the late reply. As of now there are no issues or concerns. So with this, can I be sure that the threats have already been removed from my computer? If so, we can start to clean up. Thank you.
-
Dear Kevin,
I have already created the .bat file and ran it. How do I proceed from here? Thank you.
-
Dear Kevin,
I just finished running the scan and this is what ESET detected. I also put a check next to the 2 options to scan for potentially dangerous/unwanted programs before running the scan. So I am guessing the results below may be false positives?
___________________________________________________
C:\Users\Joon Kiat\AppData\Local\Temp\foxC2F4.tmp\Foxit Reader en5.4.5.124(toolbar) Setup.exe multiple threats
D:\FoxitReader542.0901_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
-
Dear Kevin,
Pardon my slow and late replies as I am really busy these few days. I will reply to you by this Saturday with a log of the scan. Sorry.
-
Dear Kevin,
This message came up when I was using IE to run ESET. Should I proceed, as I seem to need to download an additional utility? Thank you.
Internet browser support
You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.
To download ESET Smart Installer click the link below.
After successful installation of ESET Smart Installer, ESET Online Scanner is launched in a new window.
-
Dear Kevin,
I have attached the logs as requested. Sorry about the slow replies, I am busy with work. Just a question, what does the fixing do? Thank you.
_______________________________________
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014
Ran by Joon Kiat at 2014-01-29 16:40:25 Run:1
Running from C:\Users\Joon Kiat\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe
2014-01-29 01:30 - 2014-01-29 01:30 - 00098816 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00110080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00364544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00044032 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01153024 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00320512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00711680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01175040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00805888 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00811008 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01062400 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00735232 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00128512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00127488 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00557056 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00087040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00119808 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00108544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00018432 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00038912 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00122368 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00026624 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00070656 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00010240 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00686080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00025600 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00521680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00011264 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00024064 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00035840 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00017408 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00022528 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd => Moved successfully.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll" => File/Directory not found.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll" => File/Directory not found.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd => Moved successfully.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd" => File/Directory not found.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd" => File/Directory not found.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
==== End of Fixlog ====
_______________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.29.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]
29/1/2014 4:41:24 PM
mbam-log-2014-01-29 (16-41-24).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508879
Time elapsed: 1 hour(s), 27 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
__________________________________________________
-
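A reader's aid for the Fixlog quoted in the post above, added here as an example; it is not part of FRST and not something the poster or the helper ran. FRST writes one result line per fixlist entry in the form `target => outcome`, so the fix can be audited mechanically: which autostart points (Run values, policy keys, services) were actually removed, which files were moved into FRST's own quarantine folder rather than deleted, and which entries came back `File/Directory not found` and so deserve a second look. The sample text is a handful of lines copied from the posted Fixlog; the category names and the "autostart" path markers are my own assumptions, not FRST terminology.

```python
"""Parse a Farbar Recovery Scan Tool (FRST) Fixlog and summarise what the fix did.

Added example for this thread, not part of FRST. The sample below is a
shortened copy of the Fixlog posted above; category names are this script's own.
"""
import re
from collections import Counter
from typing import List, NamedTuple

# Constructed sample: a subset of the posted Fixlog, structure preserved
# (header, echoed fixlist between asterisk separators, then result lines).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd => Moved successfully.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll" => File/Directory not found.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
==== End of Fixlog ====
"""


class FixResult(NamedTuple):
    target: str   # registry path, service name, file path, or ADS host file
    action: str   # normalised outcome category (this script's own names)
    ok: bool      # True when FRST reported success


# FRST outcome messages mapped to a category. "Moved" means quarantined, not deleted.
_OUTCOMES = [
    (re.compile(r"^Value deleted successfully\.$"), "registry_value_deleted", True),
    (re.compile(r"^Key deleted successfully\.$"), "registry_key_deleted", True),
    (re.compile(r"^Service deleted successfully\.$"), "service_deleted", True),
    (re.compile(r"^Moved successfully\.$"), "file_moved", True),
    (re.compile(r'^":[0-9A-Fa-f]+" ADS removed successfully\.$'), "ads_removed", True),
    (re.compile(r"^File/Directory not found\.$"), "not_found", False),
]
_RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
_SEPARATOR = re.compile(r"^\*{5,}$")

# Registry path fragments treated as autostart/persistence points (assumption).
_AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\policies\\")


def parse_fixlog(text: str) -> List[FixResult]:
    """Return one FixResult per result line, skipping the echoed fixlist."""
    results: List[FixResult] = []
    separators_seen = 0
    has_fixlist_block = sum(1 for l in text.splitlines() if _SEPARATOR.match(l.strip())) >= 2
    for raw in text.splitlines():
        line = raw.strip()
        if _SEPARATOR.match(line):
            separators_seen += 1
            continue
        if has_fixlist_block and separators_seen < 2:
            continue  # header or the echoed fixlist, not a result
        m = _RESULT_LINE.match(line)
        if not m:
            continue  # footer / blank line
        target = m.group("target").strip('"')
        outcome = m.group("outcome")
        for pattern, action, ok in _OUTCOMES:
            if pattern.match(outcome):
                results.append(FixResult(target, action, ok))
                break
        else:
            results.append(FixResult(target, "unknown", False))
    return results


def summarise(results: List[FixResult]) -> Counter:
    """Count results per category."""
    return Counter(r.action for r in results)


def needs_followup(results: List[FixResult]) -> List[str]:
    """Targets FRST could not act on: already gone, or the fixlist path did not match."""
    return [r.target for r in results if not r.ok]


def autostart_points_removed(results: List[FixResult]) -> List[str]:
    """Persistence-relevant removals: services plus Run values and policy keys."""
    return [
        r.target for r in results
        if r.ok and (r.action == "service_deleted"
                     or any(mk in r.target.lower() for mk in _AUTOSTART_MARKERS))
    ]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for action, n in sorted(summarise(parsed).items()):
        print(f"{action:24s} {n}")
    print("autostart points removed:", *autostart_points_removed(parsed), sep="\n  ")
    print("re-check:", *needs_followup(parsed), sep="\n  ")
```

Reading the posted log this way, the fix did three kinds of thing: it removed autostart entries (the Mobogenie Run value, the Chrome policy key and the listed services), it moved the Temp-folder installers and the `_MEI65282` Python runtime files into quarantine so they can be restored if needed, and it stripped two alternate data streams from `C:\ProgramData\Temp`. The `File/Directory not found` lines are not failures, but they are worth comparing against a fresh FRST scan to confirm the items are really gone rather than renamed.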
Dear Kevin,
I have proceeded with the steps. AdwCleaner seems to have found fewer items on the second scan but nonetheless, I went ahead with it and removed those items.
The logs are as follows. What should I do from here? Thank you for your help.
_____________________________________________
# AdwCleaner v3.010 - Report created 29/01/2014 at 01:23:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joon Kiat - JOONKIAT-PC
# Running from : C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\MyPC Backup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1711 octets] - [28/01/2014 18:42:54]
AdwCleaner[R1].txt - [1325 octets] - [29/01/2014 01:17:28]
AdwCleaner[R2].txt - [1385 octets] - [29/01/2014 01:18:01]
AdwCleaner[R3].txt - [1445 octets] - [29/01/2014 01:20:02]
AdwCleaner[s0].txt - [1329 octets] - [29/01/2014 01:23:24]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1389 octets] ##########
________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joon Kiat on 29/01/2014 Wed at 1:39:49.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1795884077-2746576003-4273307639-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho759D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho85A2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD5F5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF47D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF5FF.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{256562D3-EA6D-4D7E-ABDC-F62702E6BF3D}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{4A49FE04-425D-4A8B-99B2-A1352E43B0A8}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{616623D6-31EB-45D2-8326-53B761D24C97}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{7DD21454-997B-46A5-8619-074AB21982EC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{8EB92DDE-897F-4B59-B1FB-2714B3FFCDA9}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C58791D2-BA5D-4147-8F1C-EF92CE6B1FFC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C749B263-6B2C-4F8B-95B5-4B807C300371}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{D4C4846A-418C-405E-958B-6872E95E7823}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{E82E398B-F735-48C2-A42B-3D31254888BD}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{EF43F0E6-6EDB-4112-9C38-5636C0DC02E5}
~~~ FireFox
Emptied folder: C:\Users\Joon Kiat\AppData\Roaming\mozilla\firefox\profiles\o608gk9v.default\minidumps [92 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 Wed at 1:46:17.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
___________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Joon Kiat (administrator) on JOONKIAT-PC on 29-01-2014 01:47:15
Running from C:\Users\Joon Kiat\Desktop\Logs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-03-29] (Lenovo)
HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2012-03-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2012-03-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-03-29] (Lenovo)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-26] ( )
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intelligent Touchpad] - C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-09] ()
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-29] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-28] (Valve Corporation)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3811544 2012-12-29] (Speedbit Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-24] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA
AppInit_DLLs: C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57EA3C2A7E1BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 137.132.0.254 137.132.0.252
FireFox:
========
FF ProfilePath: C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\trash [2014-01-27]
FF Extension: WOT - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-01]
FF Extension: Adblock Plus - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2012-12-29]
Chrome:
=======
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-10-05]
CHR Extension: (WOT) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-10-09]
CHR Extension: (YouTube) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (DAP Link Checker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh [2012-12-30]
CHR Extension: (Facebook) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-09-01]
CHR Extension: (Google+) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-10-05]
CHR Extension: (Google Calendar) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-09-01]
CHR Extension: (101 Smart Goals) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbjcponjocgnggkadollnheobeipihfo [2013-10-26]
CHR Extension: (AdBlock) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-01]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-09-12]
CHR Extension: (avast! Online Security) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-03]
CHR Extension: (Lone Tree) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-09-20]
CHR Extension: (Dropbox) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-03-31]
CHR Extension: (Google Maps) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-10-05]
CHR Extension: (DotA 2 Match Ticker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (My Chrome Theme) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-10-05]
CHR Extension: (Gmail) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-26] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1086752 2011-12-23] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-26] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-26] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-12-23] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-12-23] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-01] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt
2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db
2014-01-29 01:16 - 2014-01-29 01:19 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
2014-01-28 18:42 - 2014-01-29 01:23 - 00000000 ____D C:\AdwCleaner
2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software
2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2014-01-20 21:25 - 2014-01-29 01:34 - 00063029 _____ C:\FaceProv.log
2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView
2014-01-20 18:00 - 2014-01-21 22:55 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx
2014-01-18 22:14 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 22:14 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 22:14 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 22:14 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 22:13 - 2014-01-18 22:14 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:02 - 2014-01-28 20:24 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx
2014-01-15 11:22 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:22 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:22 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx
2014-01-13 00:53 - 2014-01-13 00:54 - 00004717 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-13 00:52 - 2014-01-18 22:14 - 00000000 ____D C:\ProgramData\Oracle
2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java
2014-01-08 18:12 - 2014-01-26 22:23 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader
==================== One Month Modified Files and Folders =======
2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:36 - 2012-03-29 08:57 - 01807169 _____ C:\Windows\WindowsUpdate.log
2014-01-29 01:35 - 2012-10-01 00:53 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job
2014-01-29 01:34 - 2014-01-20 21:25 - 00063029 _____ C:\FaceProv.log
2014-01-29 01:32 - 2013-03-17 22:56 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Dropbox
2014-01-29 01:32 - 2012-09-30 22:43 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Sheares Production
2014-01-29 01:31 - 2013-03-17 22:59 - 00000000 ___RD C:\Users\Joon Kiat\Dropbox
2014-01-29 01:30 - 2013-10-31 23:52 - 00000000 ___RD C:\Users\Joon Kiat\Google Drive
2014-01-29 01:30 - 2012-12-29 17:22 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\EQATEC Analytics
2014-01-29 01:30 - 2012-09-01 18:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-29 01:30 - 2012-09-01 17:55 - 00000000 ___RD C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 01:29 - 2012-03-29 09:40 - 00156056 _____ C:\Windows\system32\fastboot.set
2014-01-29 01:29 - 2012-03-29 09:39 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 01:29 - 2012-03-29 09:35 - 00000000 ____D C:\ProgramData\VeriFace
2014-01-29 01:28 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 01:28 - 2009-07-14 12:51 - 00075902 _____ C:\Windows\setupact.log
2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt
2014-01-29 01:23 - 2014-01-28 18:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db
2014-01-29 01:21 - 2012-09-01 17:52 - 00000000 ____D C:\Users\Joon Kiat
2014-01-29 01:20 - 2012-03-29 09:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 01:19 - 2014-01-29 01:16 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
2014-01-29 01:15 - 2013-12-27 14:12 - 00000000 ____D C:\Users\Joon Kiat\Desktop\New folder
2014-01-29 01:15 - 2013-05-15 16:33 - 00000000 ____D C:\Users\Joon Kiat\Desktop\CV_Resume
2014-01-29 01:14 - 2012-09-01 20:16 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\vlc
2014-01-29 01:13 - 2013-11-03 01:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-28 20:27 - 2013-11-02 22:17 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Literature
2014-01-28 20:27 - 2013-01-05 17:51 - 00000000 ____D C:\Users\Joon Kiat\Desktop\NUS
2014-01-28 20:24 - 2014-01-15 14:02 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx
2014-01-28 17:59 - 2010-11-21 11:47 - 01501108 _____ C:\Windows\PFRO.log
2014-01-28 16:35 - 2012-10-01 00:53 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job
2014-01-28 13:08 - 2013-10-13 12:42 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\CrashDumps
2014-01-26 22:24 - 2013-11-03 01:53 - 00002043 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-26 22:24 - 2013-11-03 01:53 - 00001983 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-26 22:23 - 2014-01-08 18:12 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-26 22:23 - 2013-11-03 01:51 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-26 22:23 - 2013-11-03 01:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-26 22:23 - 2013-09-03 00:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-26 19:34 - 2012-09-01 17:17 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Mozilla
2014-01-26 15:05 - 2009-07-14 13:13 - 00795320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 21:39 - 2012-09-01 17:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 21:39 - 2012-09-01 17:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 22:55 - 2014-01-20 18:00 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx
2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software
2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2014-01-21 18:35 - 2012-10-12 20:58 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Foxit Software
2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView
2014-01-19 22:04 - 2009-07-14 12:45 - 00364888 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 20:28 - 2013-01-02 01:32 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Deployment
2014-01-19 20:28 - 2012-09-01 17:55 - 00076856 _____ C:\Users\Joon Kiat\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 16:12 - 2012-09-01 17:59 - 00000000 ____D C:\Users\Joon Kiat\Documents\Bluetooth Exchange Folder
2014-01-18 22:14 - 2014-01-18 22:13 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 22:14 - 2014-01-13 00:52 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 22:14 - 2013-09-03 02:31 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 13:46 - 2013-03-17 22:59 - 00001044 _____ C:\Users\Joon Kiat\Desktop\Dropbox.lnk
2014-01-18 13:46 - 2013-03-17 22:57 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 10:47 - 2012-03-29 09:39 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 01:13 - 2013-09-08 18:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-16 10:55 - 2013-08-16 09:07 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 10:52 - 2012-09-01 17:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx
2014-01-13 00:54 - 2014-01-13 00:53 - 00004717 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java
2014-01-08 18:12 - 2013-11-03 01:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\SysWOW64\NV
2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\system32\NV
2014-01-08 10:53 - 2012-03-29 09:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-06 20:38 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-06 20:37 - 2012-09-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 16:08 - 2013-09-08 14:00 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader
Some content of TEMP:
====================
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 14:01
==================== End Of Log ============================
______________________________________________________________
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by Joon Kiat at 2014-01-29 01:47:42
Running from C:\Users\Joon Kiat\Desktop\Logs
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.9.9 - Atheros Communications Inc.)
Atheros WLAN Client Installation Program (x32 Version: 7.0 - Atheros)
avast! Internet Security (x32 Version: 9.0.2013 - Avast Software)
Burnout Paradise: The Ultimate Box (x32 Version: - Criterion Games)
Canon LBP6000/LBP6018 (Version: - )
CloudReading (x32 Version: 1.1.47.1220 - Foxit Corporation)
Counter-Strike (x32 Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (x32 Version: - EA Redwood Shores)
Dota 2 (x32 Version: - )
Download Accelerator Plus (DAP) (x32 Version: - )
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Dual-Core Optimizer (x32 Version: 1.1.4.0169 - AMD)
Energy Management (x32 Version: 7.0.3.2 - Lenovo)
Energy Management (x32 Version: 7.0.3.2 - Lenovo) Hidden
ERUNT 1.1j (x32 Version: - Lars Hederer)
Foxit Reader (x32 Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
IBM SPSS Statistics 20 (x32 Version: 20.0.0.0 - IBM Corp)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Intelligent Touchpad (x32 Version: 1.00.0108 - Lenovo)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.64.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Left 4 Dead 2 (x32 Version: - Valve)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.0.3500 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.117 - Realtek Semiconductor Corp.)
Lenovo EE Boot Optimizer (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.0.3212 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (x32 Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor Single Player (x32 Version: - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nsd (x32 Version: 1.0.1.7 - Lenovo)
NUS (Unofficial) Timetable Builder (HKCU Version: 1.3.6.3 - NUS (Unofficial) Timetable Builder)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 310.90 (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 15.3.38.0 - Synaptics Incorporated)
Team Fortress 2 (x32 Version: - Valve)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
UserGuide (x32 Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (x32 Version: 4.0.1.1230 - Lenovo)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Winamp (x32 Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)
==================== Restore Points =========================
18-01-2014 14:13:17 Installed Java 7 Update 51
22-01-2014 02:59:32 Windows Update
25-01-2014 03:02:25 Windows Update
26-01-2014 14:21:12 avast! antivirus system restore point
26-01-2014 14:24:11 Device Driver Package Install: Avast Network Service
==================== Hosts content: ==========================
2009-07-14 10:34 - 2013-01-05 09:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {10B0848D-1C20-41AB-A3CB-3B957B38D942} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-26] (AVAST Software)
Task: {3908D0DB-E4F8-4A18-8249-D96600D7A865} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {7C886721-0BDA-4C69-902C-0E6E8087AC55} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A12B7C44-FDD5-4D15-B795-9C37BDD635AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {BA3E35D9-85BE-4C0B-AD81-F3B041C36D94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: {C5A66CC4-849E-4392-89A1-73EC14AA949A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {F9F8E670-385B-4C64-B5C7-9EB4B3DF5E7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-06-03 04:58 - 2011-06-03 04:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-03 04:59 - 2011-06-03 04:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-05 08:44 - 2012-03-29 09:40 - 01496920 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-01-05 11:47 - 2011-12-16 06:34 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 01:14 - 2014-01-29 00:44 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012801\algo.dll
2011-06-03 04:57 - 2011-06-03 04:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-03 04:58 - 2011-06-03 04:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-03-29 09:35 - 2012-03-29 09:35 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-11-03 01:51 - 2013-11-03 01:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-29 09:06 - 2011-12-24 23:19 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-08 09:57 - 2013-12-13 06:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 09:57 - 2013-11-05 09:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-01-11 07:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-01 20:56 - 2014-01-28 03:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-01 20:56 - 2014-01-11 07:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-12-29 17:22 - 2012-12-29 17:22 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00098816 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00110080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00364544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00044032 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01153024 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00320512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00711680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01175040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00805888 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00811008 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01062400 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00735232 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00128512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00127488 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00557056 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00087040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00119808 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00108544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00018432 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00038912 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00122368 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00026624 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00070656 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00010240 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00686080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00025600 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00521680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00011264 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00024064 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00035840 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00017408 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00022528 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd
2013-08-16 19:31 - 2013-08-16 19:31 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5dcd22545c6da7fd288acb6816d7b2ec\IsdiInterop.ni.dll
2012-03-29 09:12 - 2011-11-30 11:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-29 09:13 - 2011-12-17 01:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 12:25 - 2013-11-15 13:01 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-01-28 21:26:19.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 21:26:19.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 21:21:26.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 21:21:26.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 21:20:36.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 21:20:35.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 19:00:41.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 19:00:41.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 18:59:59.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-28 18:59:59.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 8094.36 MB
Available physical RAM: 5451.89 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 13232.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:388.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 8C2DE9D8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)
==================== End Of Log ============================
-
Sorry, here is the MBAM log following removal; I posted the wrong one earlier.
____________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]
28/1/2014 4:11:53 PM
mbam-log-2014-01-28 (16-11-53).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508555
Time elapsed: 1 hour(s), 27 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
D:\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
D:\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
(end)
-
Dear Kevin,
Thanks for replying. I have attached the MBAM and AdwCleaner logs below. For MBAM, I have already checked the 3 items and removed them. I am not sure which of the files/folders and registry items that AdwCleaner detected are safe to delete, so please advise on this so that I can proceed with the next step. Thank you.
___________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]
28/1/2014 4:11:53 PM
MBAM-log-2014-01-28 (17-58-13).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508555
Time elapsed: 1 hour(s), 27 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
D:\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.
(end)
___________________________________
AdwCleaner Log
# AdwCleaner v3.017 - Report created 28/01/2014 at 18:42:54
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joon Kiat - JOONKIAT-PC
# Running from : C:\Users\Joon Kiat\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Users\Joon Kiat\AppData\Local\genienext
Folder Found C:\Users\Joon Kiat\AppData\Local\Mobogenie
Folder Found C:\Users\Joon Kiat\Documents\Mobogenie
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1571 octets] - [28/01/2014 18:42:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1631 octets] ##########
-
Dear Support Team,
The recent log of my MBAM scan showed the following results. Is there any way that I can completely remove the following programs from my system? Thank you.
____________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.24.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]
27/1/2014 11:06:15 PM
MBAM-log-2014-01-27 (23-16-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245652
Time elapsed: 6 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Users\Joon Kiat\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> No action taken.
Files Detected: 20
C:\Users\Joon Kiat\AppData\Local\Temp\nsn113E.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn192B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn583F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nss5071.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx4315.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx5BD8.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx941.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
(end)
I have checked all of the above items for removal except for the HKCU PUP, as I am not sure if that is safe to delete. Upon reboot, a Windows error message appears that says it cannot detect the rundll for mobogenie. Hence, I believe that there are still traces of the PUP in my computer and I wish to completely remove them. How do I go about doing this? Thank you.
-
Dear Support Team,
The recent log of my MBAM scan showed the following results. Is there any way that I can completely remove the following programs from my system? Thank you.
____________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.24.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]
27/1/2014 11:06:15 PM
MBAM-log-2014-01-27 (23-16-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245652
Time elapsed: 6 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Users\Joon Kiat\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> No action taken.
Files Detected: 20
C:\Users\Joon Kiat\AppData\Local\Temp\nsn113E.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn192B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn583F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nss5071.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx4315.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx5BD8.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx941.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
(end)
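As an added example that is not part of this post or of Malwarebytes' own tooling: a small parser for scan-log lines in the format above. It counts detected objects per detection name and, more usefully for the rundll32 error mentioned earlier in the thread, flags any Run value whose command launches a file that is itself on the detection list. When such a file is quarantined but the registry value is left behind, Windows still executes the value at logon and rundll32 reports that it cannot find the module, so the value and the file should be removed together. The sample log is a constructed excerpt modelled on the one posted.

```python
"""Summarise a Malwarebytes Anti-Malware 1.x scan log.

Added example for this thread; it is not Malwarebytes' own code.  SAMPLE_LOG
is a constructed excerpt modelled on the scan log posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
Memory Modules Detected: 1
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
Folders Detected: 2
C:\Users\Joon Kiat\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
Files Detected: 3
C:\Users\Joon Kiat\AppData\Local\Temp\nsn113E.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
(end)
"""


@dataclass(frozen=True)
class Detection:
    category: str   # section name, e.g. "Files" or "Registry Values"
    item: str       # a path, or "key|value" for a registry value
    family: str     # detection name, e.g. PUP.Optional.NextLive.A
    action: str     # e.g. "No action taken."
    data: str = ""  # registry value data, only for "Registry Values"


# "Files Detected: 20" style section headers
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Detected: (?P<n>\d+)$")
# "<item> (<family>) -> <rest>"; rest is the action, or "Data: ... -> action"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return the Detection entries found in an MBAM scan log."""
    detections = []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        header = HEADER_RE.match(line)
        if header:
            category = header.group("cat")
            continue
        entry = ENTRY_RE.match(line)
        if not entry or category is None:
            continue
        rest = entry.group("rest")
        data, action = "", rest
        if rest.startswith("Data: "):
            # registry values carry the value data before the final " -> action"
            data, _, action = rest[len("Data: "):].rpartition(" -> ")
        detections.append(Detection(category, entry.group("item"),
                                    entry.group("family"), action, data))
    return detections


def count_by_family(detections):
    """Number of detected objects per detection name."""
    return Counter(d.family for d in detections)


def orphaned_autoruns(detections):
    """Registry Run values whose data launches a file that is itself detected.

    Removing the file but keeping the value leaves an autorun entry that fails
    at every logon (rundll32 cannot find the module).  Paths in these logs can
    contain spaces, so the check is a case-insensitive substring match.
    """
    files = {d.item.lower() for d in detections if d.category == "Files"}
    hits = []
    for d in detections:
        if d.category != "Registry Values" or not d.data:
            continue
        referenced = sorted(f for f in files if f in d.data.lower())
        if referenced:
            hits.append((d.item, referenced))
    return hits


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for family, n in count_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    for value, files in orphaned_autoruns(found):
        print(f"Run value {value} launches a detected file: {files}")
```

For a real log, read the file and pass its contents to parse_mbam_log; the orphan check reads the Data field of each Run value against every path in the Files section, which is exactly the pairing that produces the rundll32 error when only half of it is cleaned.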
-
Hi Maurice,
Also, could you elaborate further on what you mean by "the bad guys are pinging"? Is there any way to stop this? Thanks.
-
Dear Maurice,
Thank you for your help. How long does one license last? Also, what features are disabled in the free version? Is there still IP blocking? So after I have cleared everything, I can wrap this up, right?
-
System is running well now. The only infrequent IP blocks I get are the incoming ones from svchost.exe. I've yet to encounter any outgoing blocks from coreserviceshell.exe. What do I do from here? Thanks.
-
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.10.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joon Kiat :: JOONKIAT-PC [administrator]
Protection: Enabled
10/1/2013 12:33:31 PM
mbam-log-2013-01-10 (12-33-31).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422570
Time elapsed: 1 hour(s), 3 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-08 13:43:22
-----------------------------
13:43:22.552 OS Version: Windows x64 6.1.7601 Service Pack 1
13:43:22.553 Number of processors: 8 586 0x3A09
13:43:22.554 ComputerName: JOONKIAT-PC UserName: Joon Kiat
13:43:23.773 Initialize success
13:43:48.394 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:43:48.397 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
13:43:48.416 Disk 0 MBR read successfully
13:43:48.420 Disk 0 MBR scan
13:43:48.424 Disk 0 Windows 7 default MBR code
13:43:48.427 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
13:43:48.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 669122 MB offset 411648
13:43:48.481 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26080 MB offset 1370773504
13:43:48.499 Disk 0 Partition 4 00 12 Compaq diag NTFS 20001 MB offset 1424185344
13:43:48.542 Disk 0 scanning C:\Windows\system32\drivers
13:43:53.979 Service scanning
13:44:15.064 Modules scanning
13:44:15.076 Scan finished successfully
13:44:28.921 Disk 0 MBR has been saved successfully to "C:\Users\Joon Kiat\Desktop\Cleanup\MBR.dat"
13:44:28.927 The log file has been saved successfully to "C:\Users\Joon Kiat\Desktop\Cleanup\aswMBR.txt"
-
I've yet to notice a significant change in the system's performance, but I might over time. Here are the logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Windows 7 Home Premium x64
Ran by Joon Kiat on 08/01/2013 Tue at 13:34:11.86
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1795884077-2746576003-4273307639-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
~~~ FireFox
Emptied folder: C:\Users\Joon Kiat\AppData\Roaming\mozilla\firefox\profiles\o608gk9v.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/01/2013 Tue at 13:41:14.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
2013/01/06 09:56:16 +0800 JOONKIAT-PC (null) MESSAGE Starting protection
2013/01/06 09:56:16 +0800 JOONKIAT-PC (null) MESSAGE Protection started successfully
2013/01/06 09:56:16 +0800 JOONKIAT-PC (null) MESSAGE Starting IP protection
2013/01/06 09:56:16 +0800 JOONKIAT-PC (null) MESSAGE IP Protection started successfully
2013/01/06 10:11:26 +0800 JOONKIAT-PC Joon Kiat MESSAGE Executing scheduled update: Daily
2013/01/06 10:11:34 +0800 JOONKIAT-PC Joon Kiat MESSAGE Scheduled update executed successfully: database updated from version v2013.01.04.07 to version v2013.01.06.01
2013/01/06 10:11:34 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting database refresh
2013/01/06 10:11:34 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping IP protection
2013/01/06 10:11:35 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection stopped successfully
2013/01/06 10:11:36 +0800 JOONKIAT-PC Joon Kiat MESSAGE Database refreshed successfully
2013/01/06 10:11:36 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting IP protection
2013/01/06 10:11:37 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection started successfully
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49591, Process: coreserviceshell.exe)
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49644, Process: coreserviceshell.exe)
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49646, Process: coreserviceshell.exe)
2013/01/06 10:24:02 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 91.205.43.85 (Type: outgoing, Port: 49940, Process: coreserviceshell.exe)
2013/01/06 10:24:02 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 91.205.43.85 (Type: outgoing, Port: 49942, Process: coreserviceshell.exe)
2013/01/06 22:39:11 +0800 JOONKIAT-PC (null) MESSAGE Starting protection
2013/01/06 22:39:11 +0800 JOONKIAT-PC (null) MESSAGE Protection started successfully
2013/01/06 22:39:11 +0800 JOONKIAT-PC (null) MESSAGE Starting IP protection
2013/01/06 22:39:12 +0800 JOONKIAT-PC (null) MESSAGE IP Protection started successfully
I can't remember what websites I was surfing, but I know that they are random sites in the sense that I was basically clicking around and they are not the usual sites that I surf. When there is nothing running, the IP blocks do not come up when I leave it alone for 30 mins - running Firefox and Chrome, btw.
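As an added example, not part of the post above or of Malwarebytes' own tooling: a summariser for the IP-BLOCK lines in that protection-log format. It separates incoming from outgoing blocks per process and collapses several blocks of the same process to the same address within a few seconds into one burst, so that three lines at 10:18:33 read as one connection attempt being retried rather than three separate events. The sample lines are a constructed excerpt of the ones posted in this thread.

```python
"""Summarise IP-BLOCK events from a Malwarebytes 1.x protection log.

Added example for this thread, not Malwarebytes' own code.  SAMPLE_LOG is a
constructed excerpt modelled on the log lines posted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2013/01/05 00:20:28 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 222.186.52.44 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/01/05 02:54:14 +0800 JOONKIAT-PC Joon Kiat MESSAGE Executing scheduled update: Daily
2013/01/05 10:15:11 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50120, Process: coreserviceshell.exe)
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49591, Process: coreserviceshell.exe)
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49644, Process: coreserviceshell.exe)
2013/01/06 10:18:33 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 59.106.65.145 (Type: outgoing, Port: 49646, Process: coreserviceshell.exe)
2013/01/06 10:24:02 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 91.205.43.85 (Type: outgoing, Port: 49940, Process: coreserviceshell.exe)
2013/01/06 10:24:02 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 91.205.43.85 (Type: outgoing, Port: 49942, Process: coreserviceshell.exe)
2013/01/06 22:39:11 +0800 JOONKIAT-PC (null) MESSAGE Starting protection
"""

# "<date time> <tz> <host> <user> IP-BLOCK <ip> (Type: ..., Port: ..., Process: ...)"
# The user field may contain a space ("Joon Kiat") or be "(null)", hence the lazy match.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) (?P<host>\S+) "
    r"(?P<user>.+?) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


@dataclass(frozen=True)
class Block:
    when: datetime
    ip: str
    direction: str   # "incoming" or "outgoing"
    port: int        # the local port: a listening port for incoming, ephemeral for outgoing
    process: str


def parse_blocks(text):
    """Return the IP-BLOCK events in a protection log; MESSAGE lines are ignored."""
    blocks = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            when = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
            blocks.append(Block(when, m["ip"], m["direction"], int(m["port"]), m["process"]))
    return blocks


def group_bursts(blocks, window=timedelta(seconds=5)):
    """Collapse consecutive blocks with the same (direction, process, ip) that
    fall within `window` of each other into one burst.  Several blocks in the
    same second are normally one program retrying or opening parallel
    connections, so bursts count distinct events better than raw lines do."""
    bursts = []
    for b in sorted(blocks, key=lambda x: x.when):
        key = (b.direction, b.process, b.ip)
        if bursts and bursts[-1]["key"] == key and b.when - bursts[-1]["last"] <= window:
            bursts[-1]["last"] = b.when
            bursts[-1]["attempts"] += 1
        else:
            bursts.append({"key": key, "first": b.when, "last": b.when, "attempts": 1})
    return bursts


def summarize(blocks):
    """Per (direction, process): distinct remote IPs, raw line count, burst count."""
    summary = defaultdict(lambda: {"ips": set(), "lines": 0, "bursts": 0})
    for b in blocks:
        entry = summary[(b.direction, b.process)]
        entry["ips"].add(b.ip)
        entry["lines"] += 1
    for burst in group_bursts(blocks):
        direction, process, _ = burst["key"]
        summary[(direction, process)]["bursts"] += 1
    return dict(summary)


if __name__ == "__main__":
    for (direction, process), entry in summarize(parse_blocks(SAMPLE_LOG)).items():
        print(f"{direction:8s} {process:22s} {entry['bursts']} burst(s), "
              f"{entry['lines']} line(s), {len(entry['ips'])} remote address(es)")
```

In the sample the single incoming block is on local port 1433 (the Microsoft SQL Server port): an unsolicited connection attempt from the internet that the IP protection dropped before anything on the machine answered it. The outgoing blocks are initiated by a local process, so for those the process name and the burst count per remote address are the useful figures when deciding whether a program on the machine needs attention.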
-
2013/01/05 00:20:28 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 222.186.52.44 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/01/05 02:54:14 +0800 JOONKIAT-PC Joon Kiat MESSAGE Executing scheduled update: Daily
2013/01/05 02:54:25 +0800 JOONKIAT-PC Joon Kiat MESSAGE Scheduled update executed successfully: database updated from version v2013.01.03.05 to version v2013.01.04.07
2013/01/05 02:54:25 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting database refresh
2013/01/05 02:54:25 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping IP protection
2013/01/05 02:54:25 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection stopped successfully
2013/01/05 02:54:27 +0800 JOONKIAT-PC Joon Kiat MESSAGE Database refreshed successfully
2013/01/05 02:54:27 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting IP protection
2013/01/05 02:54:27 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection started successfully
2013/01/05 09:36:06 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping protection
2013/01/05 09:36:06 +0800 JOONKIAT-PC Joon Kiat MESSAGE Protection stopped successfully
2013/01/05 09:36:07 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping IP protection
2013/01/05 09:36:07 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection stopped successfully
2013/01/05 09:58:24 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting protection
2013/01/05 09:58:24 +0800 JOONKIAT-PC Joon Kiat MESSAGE Protection started successfully
2013/01/05 09:58:24 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting IP protection
2013/01/05 09:58:25 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection started successfully
2013/01/05 09:59:42 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping protection
2013/01/05 09:59:42 +0800 JOONKIAT-PC Joon Kiat MESSAGE Protection stopped successfully
2013/01/05 09:59:42 +0800 JOONKIAT-PC Joon Kiat MESSAGE Stopping IP protection
2013/01/05 09:59:42 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection stopped successfully
2013/01/05 09:59:42 +0800 JOONKIAT-PC Joon Kiat MESSAGE Protection stopped
2013/01/05 10:00:02 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting protection
2013/01/05 10:00:02 +0800 JOONKIAT-PC Joon Kiat MESSAGE Protection started successfully
2013/01/05 10:00:02 +0800 JOONKIAT-PC Joon Kiat MESSAGE Starting IP protection
2013/01/05 10:00:02 +0800 JOONKIAT-PC Joon Kiat MESSAGE IP Protection started successfully
2013/01/05 10:15:11 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50120, Process: coreserviceshell.exe)
2013/01/05 13:17:15 +0800 JOONKIAT-PC (null) MESSAGE Starting protection
2013/01/05 13:17:15 +0800 JOONKIAT-PC (null) MESSAGE Protection started successfully
2013/01/05 13:17:15 +0800 JOONKIAT-PC (null) MESSAGE Starting IP protection
2013/01/05 13:17:16 +0800 JOONKIAT-PC (null) MESSAGE IP Protection started successfully
2013/01/05 15:29:05 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 199.80.55.135 (Type: outgoing, Port: 52363, Process: coreserviceshell.exe)
2013/01/05 15:29:05 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 199.80.55.135 (Type: outgoing, Port: 52365, Process: coreserviceshell.exe)
2013/01/05 18:42:24 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56647, Process: coreserviceshell.exe)
2013/01/05 18:42:24 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56651, Process: coreserviceshell.exe)
2013/01/05 18:42:32 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56671, Process: coreserviceshell.exe)
2013/01/05 18:42:32 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56673, Process: coreserviceshell.exe)
2013/01/05 18:42:32 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56685, Process: coreserviceshell.exe)
2013/01/05 18:42:32 +0800 JOONKIAT-PC Joon Kiat IP-BLOCK 217.199.218.131 (Type: outgoing, Port: 56689, Process: coreserviceshell.exe)
-
Hi Maurice,
Thank you for answering my questions, you have been really nice and helpful. Thanks a bunch. So how do I proceed from here?
-
By the way, the outgoing IP blocks from coreserviceshell.exe are still occurring. Is it still a concern? My guess is that it has something to do with Trend Micro's security features working in conflict with MBAM, which MBAM attempts to block? Thanks.
-
Hi Maurice,
I have already run the ComboFix scan and the results are posted above. I have a few questions which I hope you can answer, thanks.
1. At the end of the scan, a log popped up and ComboFix did not prompt for any deletion or restart, so I did a manual restart. Is that correct?
2. What do the results of the ComboFix scan show?
3. The system seems a little smoother now, but I have yet to notice any obvious changes except for the fact that some system settings have been restored to default. Is this normal?
4. How's my PC now, and are the IP blocks anything to be worried about?
5. If one day I should want to restore my HOSTS file back to the original Windows one, how do I go about doing it?
Sorry for the long string of questions, but I hope you can answer them.
-
ComboFix 13-01-03.05 - Joon Kiat 1/2013 Sat 9:47.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8094.5986 [GMT 8:00]
Running from: c:\users\Joon Kiat\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Joon Kiat\AppData\Roaming\RasWin
c:\users\Joon Kiat\AppData\Roaming\RasWin\RasWin.flg
D:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-03 10:15 . 2013-01-03 10:15 -------- d-----w- c:\program files (x86)\ESET
2013-01-02 12:03 . 2013-01-02 12:03 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-01 17:32 . 2013-01-01 17:32 -------- d-----w- c:\users\Joon Kiat\AppData\Local\IsolatedStorage
2013-01-01 17:32 . 2013-01-04 07:16 -------- d-----w- c:\users\Joon Kiat\AppData\Local\Deployment
2013-01-01 17:32 . 2013-01-01 17:32 -------- d-----w- c:\users\Joon Kiat\AppData\Local\Apps
2012-12-30 02:33 . 2012-12-30 02:33 -------- d-----w- c:\users\Joon Kiat\AppData\Roaming\Malwarebytes
2012-12-30 02:32 . 2012-12-30 02:32 -------- d-----w- c:\programdata\Malwarebytes
2012-12-30 02:32 . 2012-12-30 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-30 02:32 . 2012-12-14 08:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-30 02:32 . 2012-12-30 02:32 -------- d-----w- c:\users\Joon Kiat\AppData\Local\Programs
2012-12-29 09:22 . 2013-01-01 14:16 -------- d-----w- c:\users\Joon Kiat\AppData\Roaming\EQATEC Analytics
2012-12-29 09:21 . 2012-12-29 09:21 -------- d-----w- c:\programdata\SpeedBit
2012-12-29 09:21 . 2012-12-29 09:21 -------- d-----w- c:\program files (x86)\DAP
2012-12-29 09:21 . 2012-12-29 09:21 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-12-29 09:20 . 2012-12-29 09:20 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-12-21 19:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 19:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 19:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 12:12 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 12:11 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 12:11 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:42 . 2012-09-01 09:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 04:42 . 2012-09-01 09:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 03:11 . 2012-09-01 09:20 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-04 09:04 . 2012-12-04 09:04 90824 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-12-01 09:25 . 2012-12-01 09:25 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-20 13:08 . 2012-11-20 13:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-20 13:08 . 2012-11-20 13:08 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-20 13:08 . 2012-11-20 13:08 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 01:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 01:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 01:59 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 06:20 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 06:20 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 06:20 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 06:20 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-05 1354736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-12-29 3811544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-29 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-12-23 1344288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe [2011-12-24 120160]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-29 57952]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2011-12-05 16152]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-29 39008]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys [2011-12-24 24160]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-12-24 28992]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-29 13408]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys [2011-12-22 59488]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-09-24 77184]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-29 30816]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-12-23 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-23 621096]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-12-23 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-12-23 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2011-12-05 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2011-12-05 785688]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-11-15 111216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2011-09-06 8208488]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2011-08-02 67344]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2011-08-02 210704]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 84983101
*Deregistered* - 84983101
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 01:39]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 01:39]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job
- c:\users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 16:22]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job
- c:\users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 16:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-29 01:35 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-28 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-28 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-28 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-29 789856]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-29 8076848]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-29 6199344]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-29 206176]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-01-11 226784]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-09-08 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 137.132.0.254 137.132.0.252
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.sg/
FF - ExtSQL: 2012-12-29 17:21; {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}; c:\program files (x86)\DAP\DAPFireFox
FF - ExtSQL: 2012-12-29 17:21; daplinkchecker@speedbit.com; c:\program files (x86)\DAP\daplinkchecker
.
.
------- File Associations -------
.
.scr=RasWin.Script
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-05 09:55:51
ComboFix-quarantined-files.txt 2013-01-05 01:55
.
Pre-Run: 489,416,617,984 bytes free
Post-Run: 489,880,559,616 bytes free
.
- - End Of File - - E04BE8190494EC77C079FD0AA7B7B238
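The entries in the log above (scheduled-task .job files, the HKLM Run key, and AppInit_DLLs) are the persistence points a helper reads first when triaging a ComboFix report. The script below is an added example, not part of the original post and not a ComboFix or forum tool: it parses those three line formats and flags entries worth a second look. The sample input is a handful of lines copied from the log above; the "expected roots" list and the flagging rules are my own assumptions. A flag means "review", not "malicious": GoogleUpdate.exe under AppData\Local is where Google's per-user updater normally lives, and nvinitx.dll is the NVIDIA display driver's AppInit entry, so both appear here only because a reviewer should confirm that.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the ComboFix log in the post above
# (a scheduled task, three HKLM Run values, AppInit_DLLs). Offline test data only.
SAMPLE_LOG = r"""
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job
- c:\users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 16:22]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-28 170264]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-29 789856]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-09-08 1304824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
"""

# Assumption: directories where vendor-installed autoruns normally live. Anything
# else (AppData, Temp, ProgramData, a drive root) is not malicious by itself, but
# it is where bundled toolbars and malware usually persist, so it gets reviewed.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

@dataclass
class Autorun:
    kind: str                 # "run", "appinit" or "task"
    name: str                 # registry value name or .job file name
    path: str                 # executable or DLL path as printed in the log
    file_date: Optional[str]  # date ComboFix printed for the file, if any
    size: Optional[int]       # file size in bytes, if printed
    flags: List[str] = field(default_factory=list)

RE_KEY    = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_VALUE  = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
RE_BARE   = re.compile(r'^"([^"]+)"=(.+)$')          # e.g. "AppInit_DLLs"=c:\...
RE_JOB    = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
RE_JOBEXE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")

def _flag(entry: Autorun) -> None:
    """Attach review flags; these are heuristics, not verdicts."""
    if not entry.path.lower().startswith(EXPECTED_ROOTS):
        entry.flags.append("user-writable location")
    if entry.kind == "appinit":
        entry.flags.append("AppInit_DLLs: DLL is loaded into every process that "
                           "loads user32.dll; confirm the publisher")

def parse_log(text: str) -> List[Autorun]:
    """Extract Run values, AppInit_DLLs and scheduled tasks from ComboFix output."""
    entries: List[Autorun] = []
    current_key = ""
    pending_job: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = RE_KEY.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = RE_JOB.match(line)               # "<date> c:\windows\Tasks\<name>.job"
        if m:
            pending_job = m.group(2).rsplit("\\", 1)[-1]
            continue
        m = RE_JOBEXE.match(line)            # "- <exe> [<timestamp>]" under the job
        if m and pending_job:
            entries.append(Autorun("task", pending_job, m.group(1), m.group(2), None))
            pending_job = None
            continue
        m = RE_VALUE.match(line)             # "Name"="path" [date size]
        if m and current_key.endswith(r"\currentversion\run"):
            entries.append(Autorun("run", m.group(1), m.group(2), m.group(3), int(m.group(4))))
            continue
        m = RE_BARE.match(line)              # "AppInit_DLLs"=path (unquoted value)
        if m and m.group(1).lower() == "appinit_dlls":
            entries.append(Autorun("appinit", m.group(1), m.group(2).strip(), None, None))
    for e in entries:
        _flag(e)
    return entries

def suspicious(entries: List[Autorun]) -> List[Autorun]:
    """Entries that carry at least one review flag."""
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        mark = "REVIEW" if e.flags else "ok    "
        print(f"{mark} {e.kind:8} {e.name:40.40} {e.path}  {'; '.join(e.flags)}")
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file contents; the "ok" entries are the ones inside Windows or Program Files, and the flagged ones are the set a helper would check against the vendor before deciding whether a fix script should touch them.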
-
Hi Maurice,
Yes, I have already run the ESET online scan and it says that there are no threats found. By the way, are there any precautions that I should take note of when running ComboFix? I'm worried that I may accidentally erase the wrong files. Thanks.
Infected Registry - Help - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive
in Resolved Malware Removal Logs
Dear Kevin,
So sorry for the late reply. I was involved in a production. Anyway, I have already run the steps above. Will this be the end of the disinfection? Thank you for your help.