Infected Registry - Help - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive

silent_orchestra91 · January 27, 2014

Dear Support Team,

The recent log of my MBAM scan showed the following results. Is there anyway that I can completely remove the following programs from my system? Thank you.

____________________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]

27/1/2014 11:06:15 PM
MBAM-log-2014-01-27 (23-16-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245652
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Joon Kiat\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> No action taken.

Files Detected: 20
C:\Users\Joon Kiat\AppData\Local\Temp\nsn113E.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn192B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsn583F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nss5071.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx4315.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx5BD8.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\Temp\nsx941.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Users\Joon Kiat\AppData\Local\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.

(end)

I have checked all of the above items for removal except for the HKCU PUP as I am not sure if that is safe to delete. Upon reboot, a windows error message that says that it cannot detect the rundll for mobogenie appears. Hence, I believe that there are still traces of the PUP in my computer and I wish to completely remove them. How do I go about doing this? Thank you.

kevinf80 · January 27, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those logs..

Kevin

silent_orchestra91 · January 28, 2014

Dear Kevin,

Thanks for replying. I have attached the MBAM and AdwCleaner logs below. For MBAM, I have already checked the 3 items and removed them. I am not sure which file/folders and registry items that AdwCleaner detected are safe for deleting, hence, do advise on this so that I can proceed with the next step. Thank you.

___________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]

28/1/2014 4:11:53 PM
MBAM-log-2014-01-28 (17-58-13).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508555
Time elapsed: 1 hour(s), 27 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)

___________________________________

AdwCleaner Log

# AdwCleaner v3.017 - Report created 28/01/2014 at 18:42:54
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joon Kiat - JOONKIAT-PC
# Running from : C:\Users\Joon Kiat\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Users\Joon Kiat\AppData\Local\genienext
Folder Found C:\Users\Joon Kiat\AppData\Local\Mobogenie
Folder Found C:\Users\Joon Kiat\Documents\Mobogenie

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1571 octets] - [28/01/2014 18:42:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1631 octets] ##########

silent_orchestra91 · January 28, 2014

Sorry here is the MBAM log following removal, I have posted the wrong one earlier.

____________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]

28/1/2014 4:11:53 PM
mbam-log-2014-01-28 (16-11-53).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508555
Time elapsed: 1 hour(s), 27 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joon Kiat\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
D:\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

kevinf80 · January 28, 2014

Remove all found entries in AdwCleaner log as per instructions, then continue with the other steps..

Thank you,

Kevin

silent_orchestra91 · January 28, 2014

Dear Kevin,

I have proceeded with the steps. AdwCleaner seems to have found lesser items upon the second scan but nonetheless, I went ahead with it and removed those items.

The logs are as follow. What should I do from here? Thank you for your help.

_____________________________________________

# AdwCleaner v3.010 - Report created 29/01/2014 at 01:23:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joon Kiat - JOONKIAT-PC
# Running from : C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1711 octets] - [28/01/2014 18:42:54]
AdwCleaner[R1].txt - [1325 octets] - [29/01/2014 01:17:28]
AdwCleaner[R2].txt - [1385 octets] - [29/01/2014 01:18:01]
AdwCleaner[R3].txt - [1445 octets] - [29/01/2014 01:20:02]
AdwCleaner[s0].txt - [1329 octets] - [29/01/2014 01:23:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1389 octets] ##########

________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joon Kiat on 29/01/2014 Wed at 1:39:49.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1795884077-2746576003-4273307639-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho759D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho85A2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD5F5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF47D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF5FF.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{256562D3-EA6D-4D7E-ABDC-F62702E6BF3D}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{4A49FE04-425D-4A8B-99B2-A1352E43B0A8}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{616623D6-31EB-45D2-8326-53B761D24C97}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{7DD21454-997B-46A5-8619-074AB21982EC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{8EB92DDE-897F-4B59-B1FB-2714B3FFCDA9}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C58791D2-BA5D-4147-8F1C-EF92CE6B1FFC}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{C749B263-6B2C-4F8B-95B5-4B807C300371}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{D4C4846A-418C-405E-958B-6872E95E7823}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{E82E398B-F735-48C2-A42B-3D31254888BD}
Successfully deleted: [Empty Folder] C:\Users\Joon Kiat\appdata\local\{EF43F0E6-6EDB-4112-9C38-5636C0DC02E5}

~~~ FireFox

Emptied folder: C:\Users\Joon Kiat\AppData\Roaming\mozilla\firefox\profiles\o608gk9v.default\minidumps [92 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 Wed at 1:46:17.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

___________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Joon Kiat (administrator) on JOONKIAT-PC on 29-01-2014 01:47:15
Running from C:\Users\Joon Kiat\Desktop\Logs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-03-29] (Lenovo)
HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2012-03-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2012-03-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-03-29] (Lenovo)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-26] ( )
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intelligent Touchpad] - C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-09] ()
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-29] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-28] (Valve Corporation)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3811544 2012-12-29] (Speedbit Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-24] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA
AppInit_DLLs: C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57EA3C2A7E1BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 137.132.0.254 137.132.0.252

FireFox:
========
FF ProfilePath: C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joon Kiat\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Joon Kiat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\trash [2014-01-27]
FF Extension: WOT - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-01]
FF Extension: Adblock Plus - C:\Users\Joon Kiat\AppData\Roaming\Mozilla\Firefox\Profiles\o608gk9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2012-12-29]

Chrome:
=======

CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-10-05]
CHR Extension: (WOT) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-10-09]
CHR Extension: (YouTube) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (DAP Link Checker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh [2012-12-30]
CHR Extension: (Facebook) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-09-01]
CHR Extension: (Google+) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-10-05]
CHR Extension: (Google Calendar) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-09-01]
CHR Extension: (101 Smart Goals) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbjcponjocgnggkadollnheobeipihfo [2013-10-26]
CHR Extension: (AdBlock) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-01]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-09-12]
CHR Extension: (avast! Online Security) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-03]
CHR Extension: (Lone Tree) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-09-20]
CHR Extension: (Dropbox) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-03-31]
CHR Extension: (Google Maps) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-10-05]
CHR Extension: (DotA 2 Match Ticker) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (My Chrome Theme) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-10-05]
CHR Extension: (Gmail) - C:\Users\Joon Kiat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-26] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1086752 2011-12-23] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-26] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-26] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-12-23] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-12-23] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-01] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt
2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db
2014-01-29 01:16 - 2014-01-29 01:19 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
2014-01-28 18:42 - 2014-01-29 01:23 - 00000000 ____D C:\AdwCleaner
2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software
2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2014-01-20 21:25 - 2014-01-29 01:34 - 00063029 _____ C:\FaceProv.log
2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView
2014-01-20 18:00 - 2014-01-21 22:55 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx
2014-01-18 22:14 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 22:14 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 22:14 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 22:14 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 22:13 - 2014-01-18 22:14 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:02 - 2014-01-28 20:24 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx
2014-01-15 11:22 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:22 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:22 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:22 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx
2014-01-13 00:53 - 2014-01-13 00:54 - 00004717 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-13 00:52 - 2014-01-18 22:14 - 00000000 ____D C:\ProgramData\Oracle
2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java
2014-01-08 18:12 - 2014-01-26 22:23 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader

==================== One Month Modified Files and Folders =======

2014-01-29 01:47 - 2014-01-29 01:47 - 00000000 ____D C:\FRST
2014-01-29 01:46 - 2014-01-29 01:46 - 00002915 _____ C:\Users\Joon Kiat\Desktop\JRT.txt
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:37 - 2009-07-14 12:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 01:36 - 2012-03-29 08:57 - 01807169 _____ C:\Windows\WindowsUpdate.log
2014-01-29 01:35 - 2012-10-01 00:53 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job
2014-01-29 01:34 - 2014-01-20 21:25 - 00063029 _____ C:\FaceProv.log
2014-01-29 01:32 - 2013-03-17 22:56 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Dropbox
2014-01-29 01:32 - 2012-09-30 22:43 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Sheares Production
2014-01-29 01:31 - 2013-03-17 22:59 - 00000000 ___RD C:\Users\Joon Kiat\Dropbox
2014-01-29 01:30 - 2013-10-31 23:52 - 00000000 ___RD C:\Users\Joon Kiat\Google Drive
2014-01-29 01:30 - 2012-12-29 17:22 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\EQATEC Analytics
2014-01-29 01:30 - 2012-09-01 18:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-29 01:30 - 2012-09-01 17:55 - 00000000 ___RD C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 01:29 - 2012-03-29 09:40 - 00156056 _____ C:\Windows\system32\fastboot.set
2014-01-29 01:29 - 2012-03-29 09:39 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 01:29 - 2012-03-29 09:35 - 00000000 ____D C:\ProgramData\VeriFace
2014-01-29 01:28 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 01:28 - 2009-07-14 12:51 - 00075902 _____ C:\Windows\setupact.log
2014-01-29 01:25 - 2014-01-29 01:25 - 00001469 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner[s0].txt
2014-01-29 01:23 - 2014-01-28 18:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 01:21 - 2014-01-29 01:21 - 00012288 ___SH C:\Users\Joon Kiat\Thumbs.db
2014-01-29 01:21 - 2012-09-01 17:52 - 00000000 ____D C:\Users\Joon Kiat
2014-01-29 01:20 - 2012-03-29 09:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 01:19 - 2014-01-29 01:16 - 01060070 _____ C:\Users\Joon Kiat\Desktop\AdwCleaner.exe
2014-01-29 01:15 - 2013-12-27 14:12 - 00000000 ____D C:\Users\Joon Kiat\Desktop\New folder
2014-01-29 01:15 - 2013-05-15 16:33 - 00000000 ____D C:\Users\Joon Kiat\Desktop\CV_Resume
2014-01-29 01:14 - 2012-09-01 20:16 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\vlc
2014-01-29 01:13 - 2013-11-03 01:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-28 20:27 - 2013-11-02 22:17 - 00000000 ____D C:\Users\Joon Kiat\Desktop\Literature
2014-01-28 20:27 - 2013-01-05 17:51 - 00000000 ____D C:\Users\Joon Kiat\Desktop\NUS
2014-01-28 20:24 - 2014-01-15 14:02 - 00011429 _____ C:\Users\Joon Kiat\Desktop\Tshirt sizes.xlsx
2014-01-28 17:59 - 2010-11-21 11:47 - 01501108 _____ C:\Windows\PFRO.log
2014-01-28 16:35 - 2012-10-01 00:53 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job
2014-01-28 13:08 - 2013-10-13 12:42 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\CrashDumps
2014-01-26 22:24 - 2013-11-03 01:53 - 00002043 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-26 22:24 - 2013-11-03 01:53 - 00001983 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-26 22:23 - 2014-01-08 18:12 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-26 22:23 - 2013-11-03 01:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-26 22:23 - 2013-11-03 01:51 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-26 22:23 - 2013-11-03 01:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-26 22:23 - 2013-09-03 00:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-26 19:34 - 2012-09-01 17:17 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Mozilla
2014-01-26 15:05 - 2009-07-14 13:13 - 00795320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 21:39 - 2012-09-01 17:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 21:39 - 2012-09-01 17:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 22:55 - 2014-01-20 18:00 - 00011719 _____ C:\Users\Joon Kiat\Desktop\Sheares Production Front of House Schedule.xlsx
2014-01-21 18:39 - 2014-01-21 18:39 - 00000000 ____D C:\Users\Public\Foxit Software
2014-01-21 18:35 - 2014-01-21 18:35 - 00002065 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2014-01-21 18:35 - 2014-01-21 18:35 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2014-01-21 18:35 - 2012-10-12 20:58 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Foxit Software
2014-01-20 21:19 - 2014-01-20 21:19 - 00000000 ____D C:\Program Files\WinDjView
2014-01-19 22:04 - 2009-07-14 12:45 - 00364888 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 20:28 - 2013-01-02 01:32 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Deployment
2014-01-19 20:28 - 2012-09-01 17:55 - 00076856 _____ C:\Users\Joon Kiat\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 16:12 - 2012-09-01 17:59 - 00000000 ____D C:\Users\Joon Kiat\Documents\Bluetooth Exchange Folder
2014-01-18 22:14 - 2014-01-18 22:13 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 22:14 - 2014-01-13 00:52 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 22:14 - 2013-09-03 02:31 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 13:46 - 2013-03-17 22:59 - 00001044 _____ C:\Users\Joon Kiat\Desktop\Dropbox.lnk
2014-01-18 13:46 - 2013-03-17 22:57 - 00000000 ____D C:\Users\Joon Kiat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 10:47 - 2012-03-29 09:39 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 01:13 - 2013-09-08 18:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-16 10:55 - 2013-08-16 09:07 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 10:52 - 2012-09-01 17:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 22:02 - 2014-01-13 22:02 - 00013918 _____ C:\Users\Joon Kiat\Desktop\IHG 1314 Contact List.xlsx
2014-01-13 00:54 - 2014-01-13 00:53 - 00004717 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-13 00:52 - 2014-01-13 00:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-13 00:52 - 2014-01-13 00:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-13 00:52 - 2014-01-13 00:52 - 00000000 ____D C:\Program Files\Java
2014-01-08 18:12 - 2013-11-03 01:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\SysWOW64\NV
2014-01-08 10:53 - 2012-03-29 09:11 - 00000000 ____D C:\Windows\system32\NV
2014-01-08 10:53 - 2012-03-29 09:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-06 20:38 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-06 20:37 - 2012-09-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 16:08 - 2013-09-08 14:00 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-03 13:31 - 2014-01-03 13:31 - 00000000 ____D C:\Users\Joon Kiat\AppData\Local\Foxit Reader

Some content of TEMP:
====================
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 14:01

==================== End Of Log ============================

______________________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by Joon Kiat at 2014-01-29 01:47:42
Running from C:\Users\Joon Kiat\Desktop\Logs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.9.9 - Atheros Communications Inc.)
Atheros WLAN Client Installation Program (x32 Version: 7.0 - Atheros)
avast! Internet Security (x32 Version: 9.0.2013 - Avast Software)
Burnout Paradise: The Ultimate Box (x32 Version: - Criterion Games)
Canon LBP6000/LBP6018 (Version: - )
CloudReading (x32 Version: 1.1.47.1220 - Foxit Corporation)
Counter-Strike (x32 Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (x32 Version: - EA Redwood Shores)
Dota 2 (x32 Version: - )
Download Accelerator Plus (DAP) (x32 Version: - )
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Dual-Core Optimizer (x32 Version: 1.1.4.0169 - AMD)
Energy Management (x32 Version: 7.0.3.2 - Lenovo)
Energy Management (x32 Version: 7.0.3.2 - Lenovo) Hidden
ERUNT 1.1j (x32 Version: - Lars Hederer)
Foxit Reader (x32 Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
IBM SPSS Statistics 20 (x32 Version: 20.0.0.0 - IBM Corp)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Intelligent Touchpad (x32 Version: 1.00.0108 - Lenovo)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.64.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Left 4 Dead 2 (x32 Version: - Valve)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.0.3500 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.117 - Realtek Semiconductor Corp.)
Lenovo EE Boot Optimizer (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.0.3212 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (x32 Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor Single Player (x32 Version: - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nsd (x32 Version: 1.0.1.7 - Lenovo)
NUS (Unofficial) Timetable Builder (HKCU Version: 1.3.6.3 - NUS (Unofficial) Timetable Builder)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 310.90 (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 15.3.38.0 - Synaptics Incorporated)
Team Fortress 2 (x32 Version: - Valve)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
UserGuide (x32 Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (x32 Version: 4.0.1.1230 - Lenovo)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Winamp (x32 Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points =========================

18-01-2014 14:13:17 Installed Java 7 Update 51
22-01-2014 02:59:32 Windows Update
25-01-2014 03:02:25 Windows Update
26-01-2014 14:21:12 avast! antivirus system restore point
26-01-2014 14:24:11 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-01-05 09:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10B0848D-1C20-41AB-A3CB-3B957B38D942} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-26] (AVAST Software)
Task: {3908D0DB-E4F8-4A18-8249-D96600D7A865} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {7C886721-0BDA-4C69-902C-0E6E8087AC55} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A12B7C44-FDD5-4D15-B795-9C37BDD635AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {BA3E35D9-85BE-4C0B-AD81-F3B041C36D94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: {C5A66CC4-849E-4392-89A1-73EC14AA949A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {F9F8E670-385B-4C64-B5C7-9EB4B3DF5E7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001Core.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795884077-2746576003-4273307639-1001UA.job => C:\Users\Joon Kiat\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-03 04:58 - 2011-06-03 04:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-03 04:59 - 2011-06-03 04:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-05 08:44 - 2012-03-29 09:40 - 01496920 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 18:20 - 2012-03-29 09:40 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-01-05 11:47 - 2011-12-16 06:34 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 01:14 - 2014-01-29 00:44 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012801\algo.dll
2011-06-03 04:57 - 2011-06-03 04:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-03 04:58 - 2011-06-03 04:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-03-29 09:35 - 2012-03-29 09:35 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-11-03 01:51 - 2013-11-03 01:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-29 09:06 - 2011-12-24 23:19 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-08 09:57 - 2013-12-13 06:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 09:57 - 2013-11-05 09:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-01-11 07:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-01 20:56 - 2014-01-28 03:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-01 20:56 - 2014-01-11 07:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-01 20:56 - 2013-06-15 07:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-12-29 17:22 - 2012-12-29 17:22 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2012-12-29 17:22 - 2014-01-18 13:42 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\Joon Kiat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00098816 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00110080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00364544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00044032 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01153024 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00320512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00711680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01175040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00805888 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00811008 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01062400 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00735232 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00128512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00127488 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00557056 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00087040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00119808 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00108544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00018432 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00038912 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00122368 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00026624 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00070656 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00010240 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00686080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00025600 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00521680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00011264 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00024064 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00035840 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00017408 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00022528 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd
2013-08-16 19:31 - 2013-08-16 19:31 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5dcd22545c6da7fd288acb6816d7b2ec\IsdiInterop.ni.dll
2012-03-29 09:12 - 2011-11-30 11:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-29 09:13 - 2011-12-17 01:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 12:25 - 2013-11-15 13:01 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-01-17 01:12 - 2014-01-17 01:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-01-28 21:26:19.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:26:19.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:21:26.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:21:26.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:20:36.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 21:20:35.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 19:00:41.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 19:00:41.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 18:59:59.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 18:59:59.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8094.36 MB
Available physical RAM: 5451.89 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 13232.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:388.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 8C2DE9D8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)

==================== End Of Log ============================

kevinf80 · January 28, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Let me see those logs in your next reply, also let me know of any remaining issues or concerns..

Kevin

fixlist.txt

silent_orchestra91 · January 29, 2014

Dear Kevin,

I have attached the logs as requested. Sorry about the slow replies, am busy with work. Just a question, what does the fixing do? Thank you.

_______________________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014
Ran by Joon Kiat at 2014-01-29 16:40:25 Run:1
Running from C:\Users\Joon Kiat\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe
2014-01-29 01:30 - 2014-01-29 01:30 - 00098816 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00110080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00364544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll
2014-01-29 01:30 - 2014-01-29 01:30 - 00044032 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01153024 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00320512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00711680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01175040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00805888 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00811008 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 01062400 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00735232 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00128512 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00127488 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00557056 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00087040 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00119808 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00108544 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00018432 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00038912 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00122368 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00026624 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00070656 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00010240 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00686080 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00025600 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00521680 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00011264 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00024064 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00035840 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00017408 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd
2014-01-29 01:30 - 2014-01-29 01:30 - 00022528 _____ () C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.4-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.7-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.1-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32api.pyd => Moved successfully.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\PyWinTypes27.dll" => File/Directory not found.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pythoncom27.dll" => File/Directory not found.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_socket.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ssl.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32com.shell.shell.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_hashlib.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._core_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._gdi_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._windows_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._controls_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._misc_.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_elementtree.pyd => Moved successfully.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pyexpat.pyd" => File/Directory not found.
"C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\pysqlite2._sqlite.pyd" => File/Directory not found.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_ctypes.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32file.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32security.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32event.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32inet.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._wizard.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\_multiprocessing.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\wx._html2.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\select.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\unicodedata.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pdh.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\windows._lib_cacheinvalidation.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32crypt.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32pipe.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32process.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32profile.pyd => Moved successfully.
C:\Users\Joon Kiat\AppData\Local\Temp\_MEI65282\win32ts.pyd => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

_______________________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joon Kiat :: JOONKIAT-PC [administrator]

29/1/2014 4:41:24 PM
mbam-log-2014-01-29 (16-41-24).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508879
Time elapsed: 1 hour(s), 27 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

__________________________________________________

kevinf80 · January 29, 2014

The fixing does what the name suggests, it will remove, replace or reset unwanted entries as per the script we compile from the scan results....

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report in next reply

Let me know if your system is responding any better, also if any remaining issues or concerns...

Kevin...

silent_orchestra91 · January 30, 2014

Dear Kevin,

This message came up when I was using IE to run ESET. Should I proceed as I seem to need to download an additional utility. Thank you.

Internet browser support

You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.

To download ESET Smart Installer click the link below.

esetsmartinstaller_enu.exe

After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.

kevinf80 · January 30, 2014

It would seem that you are not using Internet Explorer, if you use a different browser the online scanner has to be installed. If you cannot use IE for some reason then just follow the instructions, d/l the installer, install the scanner and run it...

silent_orchestra91 · January 31, 2014

Dear Kevin,

Pardon my slow and late replies as I am really busy these few days. I will reply you by this saturday with a log of the scan. Sorry.

kevinf80 · January 31, 2014

That is ok, just post back when you`re ready... Thanks for the update..

silent_orchestra91 · February 1, 2014

Dear Kevin,

I just finished running the scan and this is what ESET detected. I also put a checked next to the 2 options to scan for and potentially dangerous/unwanted progs before running the scan. So I am guessing the results below may be false positives?

___________________________________________________-

C:\Users\Joon Kiat\AppData\Local\Temp\foxC2F4.tmp\Foxit Reader en5.4.5.124(toolbar) Setup.exe multiple threats
D:\FoxitReader542.0901_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application

kevinf80 · February 1, 2014

Many free 3rd party applications may come with unwanted bundled extras. If you are offered an "advanced" option as opposed to a "default" option during the install, take "advanced" that option will usually let you opt out on the bundled unwanted extras.

The entries flagged by ESET are unwanted because what I just explain and need to go, do this please...

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo offdel /f /s /q "C:\Users\Joon Kiat\AppData\Local\Temp\foxC2F4.tmp\Foxit Reader en5.4.5.124(toolbar) Setup.exe"del /f /s /q "D:\FoxitReader542.0901_enu_Setup.exe"del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this:

<--XP

<--vista or windows 7
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Let me know if that completes ok, also if any remaining issues or concerns...

Thanks,

Kevin

silent_orchestra91 · February 2, 2014

Dear Kevin,

I have already created the .bat file and ran it. How do I proceed from here? Thank you.

kevinf80 · February 2, 2014

Let me know if you have any remaining issues or concerns, if none we clean up....

silent_orchestra91 · February 4, 2014

Dear Kevin,

Sorry for the late reply. As of now there are no issues or concerns. So with this, I can be sure that the threats have already been removed from my computer? If so, we can start to clean up. Thank you.

kevinf80 · February 4, 2014

We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Download "Delfix by Xplode" and save it to your desktop.

Delfix link mirror

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

Remove disinfection tools
Purge System Restore

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Let me know if those steps complete, also if any remaining issues or concerns....

Kevin

fixlist.txt

silent_orchestra91 · February 8, 2014

Dear Kevin,

So sorry for the late reply. Was involved in a production. Anyway I have already ran the steps above. Will this be the end of the disinfection? Thank you for your help.

kevinf80 · February 9, 2014

Yep if the clean up is complete and there are no remaining issues/concerns we can close out.. Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Take care,

Kevin...

AdvancedSetup · February 11, 2014

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Infected Registry - Help - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information