pup.instalbrain and coupondropdown ads


Hi,

I recently experienced ads by this coupondropdown. The ads persist after removal using Malwarebytes, though a second scan shows that the coupondropdown does not exist anymore.

Also discovered this PUP.installbrain. Appreciate your help.

 

Below are the DDS.txt, Attach.txt and RogueKiller 64-bit logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16635
Run by Ong Huan Yi at 1:00:37 on 2013-07-21
Microsoft Windows 7 Home Premium   6.1.7601.1.936.65.1033.18.8169.4089 [GMT 8:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Users\Ong Huan Yi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_5_502_149_ActiveX.exe -update activex
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
StartupFolder: C:\Users\ONGHUA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ong Huan Yi\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C}\75962756C6563737043574 : DHCPNameServer = 165.21.83.88
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D70A623F-5E52-424C-81BE-8D8BA70B4E91} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F4129D77-97E2-4B91-B5CB-A1DCE00ADDA5} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2013-7-19 194640]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-8-23 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-5-13 393032]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-5-13 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-5-13 384840]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2012-9-13 1455408]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-19 701512]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-2-27 167424]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-4-2 67664]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2013-7-19 339536]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 Web Assistant;Web Assistant;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-9-13 188760]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-3 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-3 401896]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-11 142632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-19 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-8-23 311400]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 413800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-2 267480]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2011-12-8 116224]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-20 14:22:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D577256A-49DE-47A3-8203-58700C074F3D}\offreg.dll
2013-07-20 04:43:19 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D577256A-49DE-47A3-8203-58700C074F3D}\mpengine.dll
2013-07-19 07:12:23 -------- d-----w- C:\Users\Ong Huan Yi\AppData\Roaming\Malwarebytes
2013-07-19 07:12:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-19 07:12:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-19 07:12:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 07:05:26 339536 ----a-w- C:\Windows\System32\drivers\tmwfp.sys
2013-07-19 07:05:26 194640 ----a-w- C:\Windows\System32\drivers\tmlwf.sys
2013-07-19 06:55:41 -------- d-----w- C:\Users\Ong Huan Yi\AppData\Local\{3D35FA79-9E60-420C-9AC5-F5C784460116}
2013-07-11 06:27:52 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 06:27:52 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 06:27:52 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 06:27:52 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 06:27:52 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 06:27:52 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 06:27:52 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 06:27:46 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 06:27:46 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 06:27:40 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 06:27:40 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 06:26:39 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 06:26:38 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:26:38 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 06:26:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 06:26:38 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 06:26:38 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:25:18 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 06:25:18 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-20 13:00:33 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-01 18:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH:  1:00:57.57 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 3/9/2011 11:18:09 AM
System Uptime: 20/7/2013 8:59:56 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | K43SV
Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 259 GiB total, 161.485 GiB free.
D: is FIXED (NTFS) - 312 GiB total, 310.576 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP182: 25/6/2013 8:31:10 PM - Windows Update
RP183: 28/6/2013 8:34:55 PM - Windows Update
RP184: 3/7/2013 12:18:51 PM - Windows Update
RP185: 9/7/2013 2:54:36 PM - Windows Update
RP186: 11/7/2013 3:16:00 PM - Windows Update
RP187: 15/7/2013 3:44:12 PM - Windows Update
RP188: 19/7/2013 2:59:02 PM - 删除了 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
RP191: 19/7/2013 3:00:45 PM - 已移除 適用遠端連線的 Windows Live Mesh ActiveX 控制項
RP192: 19/7/2013 3:01:30 PM - Quitado Control ActiveX de Windows Live Mesh para conexiones remotas
RP193: 19/7/2013 3:02:01 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
RP194: 20/7/2013 12:42:23 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.22beta
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AhnLab Online Security
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FancyStart
ASUS K3 Series ScreenSaver
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
Atheros Client Installation Program
ATK Package
Bing Bar
BlueStacks App Player
BlueStacks Notification Center
Bluetooth Win7 Suite (64)
Canon MP Navigator 2.0
Canon MP450
Carbon
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dropbox
ETDWare PS/2-X64 8.0.5.3_WHQL
Fast Boot
Galeria de Fotografias do Windows Live
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IB Updater Service
Intel® Turbo Boost Technology Monitor
IPTInstaller
Java Auto Updater
Java 6 Update 37
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStorySEA version v1.06
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mobile Broadband Modem
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PDF Reader
NVIDIA 3D Vision Driver 268.83
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Remote Access Viewer Ver 4.5.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SimilarSites
Skype™ 6.1
Sonic Focus
syncables desktop SE
Trend Micro Titanium Internet Security
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6
Web Assistant 2.0.0.572
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 影像中心
Windows Live 照片库
Windows Live 程式集
Windows Live 软件包
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
21/7/2013 12:09:31 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
19/7/2013 10:26:06 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
18/7/2013 7:26:26 PM, Error: Service Control Manager [7023]  - The BlueStacks Android Service service terminated with the following error:  An exception occurred in the service when handling the control request.
18/7/2013 2:30:12 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
18/7/2013 10:36:23 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR7.
18/7/2013 10:35:57 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
18/7/2013 10:35:53 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================
 
RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ong Huan Yi [Admin rights]
Mode : Scan -- Date : 07/21/2013 01:11:02
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\System32\dmwu.exe [x] -> ERROR [1052]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
[SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
[SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
--- User ---
[MBR] 393469542cb348f26f9a89bcd8736cc6
[BSP] 2df4e4393ef6efc24351e5bc0934916b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 265395 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 595959808 | Size: 319484 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07212013_011102.txt >>
 
 

Hello brownhy and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: SimilarSites

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

Hi Borislav,

Just for info, the computer was not responding when I first ran AdwCleaner and I had to do a cold restart. Upon restart, I ran the program again and it worked. I am inserting both logs from both sessions of AdwCleaner.

See below for the logs requested.

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by Ong Huan Yi on 21/07/2013 Sun at  1:36:00.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [service] ibupdaterservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3289639598-2459867880-2544685933-1000\software\web assistant"
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\locallow\coolyou"
Successfully deleted: [Folder] "C:\Users\Ong Huan Yi\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\chatzum toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Failed to delete: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{C7D5E132-2FB7-47ED-A87E-D75AFA16CCA1}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{C8610ECB-0435-4A26-B1F0-DC41598671DC}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{C952B539-81BE-4338-A507-F4E79DFC6B70}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{CA9FE305-AD6E-47B8-96C6-344FB1BF11B9}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{CAACBDAE-E3ED-4997-84FF-1524AD3D9B07}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{CC0CBAD8-E39D-4E8F-92FF-A1DC22755D9C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{CC48AFDD-5EE0-4BB5-94BC-DC0A224E4B6B}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D10B5658-5A48-44AC-9B8A-EAA0EA0F2F9C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D1A48D69-BF2A-4FC6-809B-7EA0676F767B}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D33DCCB4-E99C-4F74-B538-E98A7454189C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D823D18C-AE41-4749-917D-5BEE422E98B6}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D8258310-7426-4273-A38A-3FF27478560C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D8F22D66-7F04-48F7-99C9-6422FB92A46D}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{D9515198-2BC8-47DF-91E3-45CC4CBA2DA6}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DA3DCCC1-4950-46EE-ACF3-05064E6FB2AA}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DA41851D-68B7-455A-9950-B1D293EF2CE1}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DAD1984C-B260-4393-A31D-998EFA9D9D71}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DBB744F0-30FB-44EF-90C8-66CB83E995FC}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DCAD89C7-DCFE-4220-AFF7-EF971297C8E2}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DD0A93E0-131C-4DCC-9535-40DBFF379280}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{DE56E37E-6F00-4693-9479-52C90024A669}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E04C75F9-4293-4EAE-99E6-581AFDA84330}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E1CE4402-8FA4-4658-82B8-C22C18E46128}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E1DEE605-D051-4F1A-ACFB-39F75E6EB549}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E25CAD27-E2CE-4F18-A073-4906EF7FB963}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E2AFF207-68DA-4B31-B7F7-CDFA09861A11}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E501C832-86B3-4483-8497-46C2B98CC9CF}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E55806AB-CC15-43B4-9A32-78CFE6CF21F9}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E5CDEC06-E46D-4AF2-878F-6DE6ECAFEA79}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E74A96E7-8D62-4B45-991B-E46EB398F87B}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E805D5CD-2536-4179-AE34-48DDF5156101}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E8515C44-A291-4A2D-AE11-9E15B93259D6}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{E8CEC1D4-D458-4BE2-9CF9-D11E3C0B3AA4}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{EAA89B08-45F5-4A48-957D-659DE41EB048}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{EC8C35EE-A99E-45AA-9166-4770F4816676}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{ED7D624E-C893-495D-9E24-5174B2C84FA2}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F1BAACC8-4E87-4317-8CA5-7D803BD25FBD}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F435C82E-B46F-403E-AB3F-17D1AC745A7C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F45C5D66-B76A-42C3-A638-CA4A60D43C6C}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F523BC37-42F4-4621-BA18-CDB20F7148F5}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F6B869ED-1526-4AB1-A53F-26356EAA0001}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F7E2A949-1ADE-467E-931E-FB6B18BA231D}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F820924B-8FD7-486D-BABD-8568561B68A8}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F82F2BB1-6269-4E41-8799-539E166238D0}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{F92F38A8-9A41-469C-B233-0FEDC4E8AFDE}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{FBF8AFB5-6A44-431A-97A0-213BCAD78431}
Successfully deleted: [Empty Folder] C:\Users\Ong Huan Yi\appdata\local\{FD7B5278-93C6-4240-B6EB-E83B565BF1D6}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Ong Huan Yi\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
 
 
 
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/07/2013 Sun at  1:42:21.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From 1st AdwCleaner Session:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 01:47:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ong Huan Yi - ONGHUANYI-PC
# Boot Mode : Normal
# Running from : C:\Users\Ong Huan Yi\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : Web Assistant
 
***** [Files / Folders] *****

From 2nd AdwCleaner Session:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 02:04:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ong Huan Yi - ONGHUANYI-PC
# Boot Mode : Normal
# Running from : C:\Users\Ong Huan Yi\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\ONGHUA~1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\SimilarSites
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Ong Huan Yi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[s1].txt - [442 octets] - [21/07/2013 01:47:20]
AdwCleaner[s2].txt - [3966 octets] - [21/07/2013 02:04:01]
 
########## EOF - C:\AdwCleaner[s2].txt - [4026 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.20.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Ong Huan Yi :: ONGHUANYI-PC [administrator]
 
Protection: Disabled
 
21/7/2013 2:10:03 AM
mbam-log-2013-07-21 (02-10-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221573
Time elapsed: 5 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Ong Huan Yi\AppData\Local\Temp\9494486.Uninstall\Uninstall.exe (PUP.Adware.Installcore) -> Quarantined and deleted successfully.
 
(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Ong Huan Yi at 2:20:28 on 2013-07-21
Microsoft Windows 7 Home Premium   6.1.7601.1.936.65.1033.18.8169.6459 [GMT 8:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Users\Ong Huan Yi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
StartupFolder: C:\Users\ONGHUA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ong Huan Yi\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C}\75962756C6563737043574 : DHCPNameServer = 165.21.83.88
TCP: Interfaces\{9B36DDA8-D01C-4875-A74B-2CAAD909043C}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D70A623F-5E52-424C-81BE-8D8BA70B4E91} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F4129D77-97E2-4B91-B5CB-A1DCE00ADDA5} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2013-7-19 194640]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-8-23 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-5-13 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-5-13 384840]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-19 418376]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-2-27 167424]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-4-2 67664]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2013-7-19 339536]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-3 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-3 401896]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-11 142632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-19 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-8-23 311400]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 413800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-5-13 393032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-19 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-2 267480]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2011-12-8 116224]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-20 17:35:57 -------- d-----w- C:\Windows\ERUNT
2013-07-20 14:22:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D577256A-49DE-47A3-8203-58700C074F3D}\offreg.dll
2013-07-20 04:43:19 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D577256A-49DE-47A3-8203-58700C074F3D}\mpengine.dll
2013-07-19 07:12:23 -------- d-----w- C:\Users\Ong Huan Yi\AppData\Roaming\Malwarebytes
2013-07-19 07:12:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-19 07:12:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-19 07:12:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 07:05:26 339536 ----a-w- C:\Windows\System32\drivers\tmwfp.sys
2013-07-19 07:05:26 194640 ----a-w- C:\Windows\System32\drivers\tmlwf.sys
2013-07-11 06:27:52 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 06:27:52 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 06:27:52 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 06:27:52 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 06:27:52 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 06:27:52 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 06:27:52 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 06:27:46 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 06:27:46 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 06:27:40 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 06:27:40 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 06:26:39 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 06:26:38 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:26:38 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 06:26:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 06:26:38 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 06:26:38 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:25:18 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 06:25:18 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-20 18:18:24 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-01 18:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH:  2:21:44.30 ===============
 
 

I have a few Windows updates to make after the deletions. Should I update them?

Yes, you should.

Anything else I should do to prevent future infections?

Here are some tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Can I repeat the steps if I am ever infected again?

Depends, so if you have a problem, start a new thread and explain your problem.

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Some prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.