PUP.Optional.OpenCandy detected [Solved]


  • This topic is locked

#16
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Good news, it was a Spybot entry, which is now uninstalled :) Defrag results to go :thumbsup:

#17
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Let me know if you are having trouble with the Defrag results :)

#18
misshot

    Member

  • Topic Starter
  • 55 posts
Oops... here is the uploaded XML.

http://www.filebox.com/duatfawbsyr5

Edited by misshot, 26 August 2013 - 02:47 AM.


#19
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Misshot :) Thanks for the results... not a good website. I ran the link in a sandbox to protect my machine. The website you are using has affiliations with iLivid, which was removed from your laptop. I was bombarded with pop-ups :lol:

The results didn't show as I planned, so I ask you to run Security Check once again. No need to download if you still have the program on your Desktop. One more OTL scan should do it as far as any infections are concerned.

1. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. OTL Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply


#20
misshot

    Member

  • Topic Starter
  • 55 posts
My bad. Actually, I seldom upload anything online so I do not know of any good website.

Here's the result.

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (23.0.1)
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


---------------

OTL logfile created on: 27/08/2013 10:11:29 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.94% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.51 Gb Total Space | 16.62 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
Drive D: | 7.54 Gb Total Space | 2.38 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: COMPAQC700 | User Name: Jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
PRC - [2013/08/19 19:22:49 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/09 16:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 19:22:48 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/08/19 19:22:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/10 13:52:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/28 18:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/25 00:12:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 19:29:25 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jc\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundIS\apf001.sys -- (apf001)
DRV - [2013/08/23 13:54:11 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/23 13:54:11 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/23 13:54:11 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 16:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 16:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 20:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/08/25 01:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/25 01:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/16 03:34:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/06/18 00:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 06:07:54 | 000,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{F3DA77C8-81F7-466E-8C43-C780B1993929}: "URL" = http://sg.search.yah...ing}&fr=hp-pvnb


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes,DefaultScope = {FF501EC5-1B40-4547-B4BB-DF53730D0DA2}
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://goodman78.com...out/?locale=en"
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Be1c8879e-9db4-4adf-92d2-d4856bd434ef%7D:1.1.9.2
FF - prefs.js..extensions.enabledAddons: %7Be36db930-f18d-4449-b45f-e286cfb9e03a%7D:4.0.11120600
FF - prefs.js..extensions.enabledAddons: %7Bf01f4cbe-b8a8-4c37-94b3-119d8779e7e0%7D:2.0
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BAA052FD6-366A-4771-A591-0D8DC551585D%7D:1.1.28
FF - prefs.js..extensions.enabledAddons: fabtab%40captaincaveman.nl:1.5.2
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.20
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:4.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11022100
FF - prefs.js..extensions.enabledItems: {e1c8879e-9db4-4adf-92d2-d4856bd434ef}:1.1.9.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/23 13:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/23 15:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 11:06:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/08/23 15:37:09 | 000,000,000 | ---D | M]

[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions
[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/24 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions
[2013/08/11 21:24:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/03 20:50:29 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/25 17:21:49 | 000,000,000 | ---D | M] (text/plain) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e1c8879e-9db4-4adf-92d2-d4856bd434ef}
[2011/12/15 10:11:42 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/03/27 09:54:24 | 000,085,870 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/04/29 12:11:36 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/02/18 09:55:39 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/06/13 09:58:52 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/01/06 16:39:09 | 000,244,900 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/08/16 14:11:35 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/18 09:55:39 | 000,201,966 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi
[2013/08/02 10:39:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/31 14:16:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/03/23 15:12:11 | 000,008,977 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi
[2009/09/10 17:55:27 | 000,467,548 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\WiredMarker\cache\2009\09\10\17\d144047a3e1c4a47ab29763ea38d90bb\20090910175343\update_files\3.xpi
[2013/05/17 12:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/19 19:22:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/23 13:53:02 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2011/03/21 17:41:26 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll

O1 HOSTS File: ([2013/08/25 08:31:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252E5999-367D-40D8-B22F-EA0BF0A48123}: DhcpNameServer = 203.116.254.150 203.116.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D24E04-403E-4FE4-8445-ADCFFF1AE03F}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CACC38-458B-485F-996A-DFB707D43D62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3ED816-9351-49FB-BE63-FA53244115EF}: DhcpNameServer = 203.116.254.150 203.116.1.94
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/24 23:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2013/08/24 23:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/08/24 23:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/08/23 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/08/23 15:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/23 13:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/23 13:53:50 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/23 13:53:49 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/23 13:53:44 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/23 13:53:43 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/23 13:53:42 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/23 13:53:33 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/23 13:53:32 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/23 13:52:11 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/23 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/23 13:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/08/22 13:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/21 22:59:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/21 22:51:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/21 22:43:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/21 22:37:49 | 001,018,947 | ---- | C] (Thisisu) -- C:\Users\Jc\Desktop\JRT.exe
[2013/08/20 13:02:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/20 12:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jc\Documents\ProcAlyzer Dumps
[2013/08/19 19:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/19 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/19 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/11 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013/08/11 21:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic

========== Files - Modified Within 30 Days ==========

[2013/08/27 21:57:30 | 000,061,440 | ---- | M] ( ) -- C:\Users\Jc\Desktop\VEW.exe
[2013/08/27 21:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 21:36:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/27 21:28:55 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 21:28:55 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 21:21:52 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/27 21:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 08:31:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/08/23 16:13:39 | 000,000,795 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/23 15:48:36 | 000,001,995 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader (2).lnk
[2013/08/23 14:27:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/23 13:54:11 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/23 13:54:11 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/23 13:54:11 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/23 13:40:37 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013/08/22 13:15:45 | 000,891,115 | ---- | M] () -- C:\Users\Jc\Desktop\SecurityCheck.exe
[2013/08/22 09:46:05 | 000,628,874 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/22 09:46:05 | 000,111,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/21 22:49:51 | 000,975,858 | ---- | M] () -- C:\Users\Jc\Desktop\adwcleaner.exe
[2013/08/21 22:37:56 | 001,018,947 | ---- | M] (Thisisu) -- C:\Users\Jc\Desktop\JRT.exe
[2013/08/20 21:02:38 | 000,556,604 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/20 21:02:31 | 000,307,955 | ---- | M] () -- C:\Users\Jc\Desktop\1st FL SAN_revised (rev 3).dwg
[2013/08/20 21:02:16 | 000,102,460 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- sec-eles.dwg
[2013/08/20 20:40:22 | 000,556,035 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.bak
[2013/08/20 13:36:11 | 000,128,805 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:33 | 000,179,267 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:34:46 | 000,168,185 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/19 19:22:58 | 000,001,999 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/15 11:02:28 | 000,022,463 | ---- | M] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:31 | 000,097,210 | ---- | M] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 22:00:28 | 000,057,016 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:59:36 | 000,079,354 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:58:06 | 000,074,563 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:55:46 | 000,070,118 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/11 21:44:00 | 000,002,013 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/06 11:30:46 | 000,287,011 | ---- | M] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2013/08/05 10:18:00 | 050,715,213 | ---- | M] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg

========== Files Created - No Company Name ==========

[2013/08/27 21:57:29 | 000,061,440 | ---- | C] ( ) -- C:\Users\Jc\Desktop\VEW.exe
[2013/08/23 15:48:36 | 000,001,995 | ---- | C] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader (2).lnk
[2013/08/23 15:39:40 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013/08/23 13:54:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/23 13:54:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/23 13:54:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/23 13:53:41 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/23 13:53:39 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/23 13:40:27 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/22 13:15:39 | 000,891,115 | ---- | C] () -- C:\Users\Jc\Desktop\SecurityCheck.exe
[2013/08/21 22:49:40 | 000,975,858 | ---- | C] () -- C:\Users\Jc\Desktop\adwcleaner.exe
[2013/08/20 20:57:30 | 000,102,460 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- sec-eles.dwg
[2013/08/20 20:21:11 | 000,307,955 | ---- | C] () -- C:\Users\Jc\Desktop\1st FL SAN_revised (rev 3).dwg
[2013/08/20 13:36:25 | 000,128,805 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:47 | 000,179,267 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:35:10 | 000,168,185 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/19 20:19:21 | 000,556,604 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/19 20:19:21 | 000,556,035 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.bak
[2013/08/15 11:02:34 | 000,022,463 | ---- | C] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:43 | 000,097,210 | ---- | C] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 21:59:57 | 000,057,016 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:58:29 | 000,079,354 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:56:27 | 000,074,563 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:54:57 | 000,070,118 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/06 14:23:44 | 050,715,213 | ---- | C] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg
[2013/08/06 11:07:18 | 000,287,011 | ---- | C] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2010/10/20 22:18:01 | 000,005,632 | ---- | C] () -- C:\Users\Jc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 16:30:02 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/07 00:37:47 | 000,007,600 | ---- | C] () -- C:\Users\Jc\AppData\Local\resmon.resmoncfg
[2009/11/06 22:58:33 | 000,006,196 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/25 14:21:00 | 000,023,413 | ---- | C] () -- C:\Users\Jc\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/06 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Autodesk
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Datalayer
[2009/12/27 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\FlashGet
[2013/08/23 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit Software
[2009/11/07 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Leadertech
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\muvee Technologies
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\NewSoft
[2010/09/13 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC-FAX TX
[2012/03/07 13:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PureEdge
[2013/06/26 17:13:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk
[2013/06/13 09:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk SecureAccess
[2010/09/13 11:37:47 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ScanSoft
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Sony
[2010/01/04 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SystemRequirementsLab
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Template
[2011/12/27 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thinstall
[2009/12/27 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thunderbird
[2013/08/23 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\uTorrent
[2012/03/02 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\WinAVI
[2010/09/13 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Zeon
[2012/03/27 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

< End of report >

Edited by misshot, 27 August 2013 - 08:27 AM.

  • 0

#21
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi There Misshot thanks for those logs. I am pleased to say that the log is clean. :)

We will try to create some more disk space with the first 2 instructions and then remove our tools. I want to know in your next post how much free disk space you have.


1. Create Restore Point and Remove OTL

Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

  • Then click Run Fix
  • When complete a log file will tell you if successful. I do not need to see this, but it needs to be successful to carry out STEP 2
  • Now click the CleanUp button on OTL. This will delete the log files, and OTL itself.
  • Click O.K to Reboot.

2. Flush Old System Restore Points

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • If prompted Select the system drive, C then OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked.
  • Now click on the More Options tab. If not shown - Click on Clean up system files >> Select the system drive, C then OK. Now click the More Options tab.
  • Under:- System Restore and Shadow Copies Click on Clean up... select Delete >> OK then Delete Files.

3. Uninstall ADWcleaner

  • Open ADWcleaner and select uninstall.


4. Delete JRT icons

  • Right click the Junkware Removal Tool Icon and select Delete
  • Click Start then Computer and double-click Local Disk (C:) and delete the JRT Folder if present.

5. Delete Security Check Icon
  • Right click the Security Check Icon and select Delete

6. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • ESET Online Scanner
  • Auslogic DiskDefrag

Things I want to see in your next post.

  • How much Free Space do you have?

  • 0

#22
misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I delete almost all except Auslogic DiskDefrag and ESET Online Scanner. Think I will use them often to check if the system got infected again or not.

After transferring some data and doing some housekeeping, now I have 21GB of free space. :)
  • 0

#23
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there Misshot :)

I delete almost all except Auslogic DiskDefrag and ESET Online Scanner

I would like you to delete these as well:
  • ESET - I start a fresh scan each time it is used to ensure the latest definitions are in place. I never delete the scan results using ESET unless necessary. ESET can remove things it shouldn't. Best leave this to us :thumbsup:
  • Auslogic - I only used this as the Windows Defrag may not have worked with low disk space. The tool didn't work, from the results. Also, Auslogic has other tools installed that I want you to avoid: registry cleaners and performance boosters. Please uninstall this. :)

I am pleased that you have more room. 21 GB is much better, but you still could do with freeing up more. I am happy if you are happy with the running of the machine. Subject to no further problems I ask you to carry out these final important steps.

1. Schedule a Weekly Defrag

  • Click Start and in the search box type: defragm, then from the list click Defragment Your Hard Drive
  • Click Configure Schedule... In the box that appears, ensure that a weekly scan is scheduled for Disk C: and click O.K
  • Now select Analyze Disk. Once analysis is complete, click Defragment Disk
  • Windows will defragment your hard drive once a week and is run in the background. I have never noticed any performance issues when running defrag.

2. ENSURE AUTOMATIC UPDATES ARE ENABLED
All security updates released by Microsoft must be Automatically Installed.
  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.


3. Do You Need Java? Please read:
  • Java is one of the most exploited pieces of software at this time and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise Uninstall completely using JavaRa

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to install the latest version
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa


Tips For A Clean Surf with Toolbar and Homepage free waves

Avoid the following
  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and\or adult material. Steer clear of P2P programs and files.
  • Registry Cleaners - Like CCleaner can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and\or come packed with Toolbars and other unneeded software that runs in the background causing, you guessed it, Performance Issues!
  • Not Checking Install Screens - Don't just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking next.


The main thing is to Keep On Top Of Your Updates for Windows, Java, Adobe, Antivirus etc, and run Weekly Scans with Malwarebytes and Avast.

I will keep this post open for 24 hours if you need assistance. If after that you need help then please start a new Topic in the appropriate forum.


Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems. :wave:
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





