Perpetually infected by viruses including Bitcoin and others [Solved]

Tags: virus, malware

This topic is locked

#1 adai2020 (Member, 66 posts)

Hi,

My computer used to respond quickly to all issued commands and was very responsive initially. However, lately my computer has dramatically slowed down in responding to inputs such as opening files, opening programs, editing PDF files, editing documents in LaTeX, etc. The computer freezes and displays a "program not responding" sign almost every now and then.

My computer comes installed with TrendMicro OfficeScan. TrendMicro OfficeScan used to produce pop-ups saying "Bitcoin Trojans" were detected but was unable to remove them. Upon scouring the internet, I then used RogueKiller and the Malwarebytes tool to scan and delete all found infections.

Despite using TrendMicro OfficeScan and the other virus removal tools mentioned above, I believe my computer is still somehow getting continuously infected and the infection is slowing down the computer. My computer remains dramatically slow despite all the scanning with virus removal tools. Just recently, Trend Micro OfficeScan again popped up saying that the "Mal_Hifrm" virus was found, and it continuously seems to find some malware every now and then.

Any help in determining the reason my computer is slowing down is greatly appreciated. Thanks a lot for your help.

I have attached the OTL logfile below.


OTL logfile created on: 24/4/2014 7:39:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A0033498\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.21% Memory free
6.78 Gb Paging File | 4.23 Gb Available in Paging File | 62.37% Paging File free
Paging file location(s): c:\pagefile.sys 1000 4000d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 107.66 Gb Free Space | 47.78% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 40.51 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive H: | 4.00 Mb Total Space | 2.26 Mb Free Space | 56.40% Space Free | Partition Type: NTFS
Drive I: | 1378.64 Gb Total Space | 269.90 Gb Free Space | 19.58% Space Free | Partition Type: NTFS
Drive U: | 4.00 Gb Total Space | 3.99 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: U715025-PC | User Name: a0033498 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/24 19:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe
PRC - [2014/02/21 22:04:06 | 000,841,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/11/01 18:30:48 | 010,717,128 | ---- | M] () -- C:\Program Files\TeXstudio\texstudio.exe
PRC - [2013/05/23 19:29:02 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2013/05/10 15:57:36 | 000,375,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
PRC - [2013/05/10 00:57:44 | 001,465,920 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroRd32.exe
PRC - [2013/01/04 10:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/08/29 03:23:20 | 001,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/09/25 01:54:32 | 001,786,168 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010/04/05 14:50:00 | 000,757,064 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WzPreviewer32.exe
PRC - [2010/04/05 14:50:00 | 000,318,792 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZSRVR32.EXE
PRC - [2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:28 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/11/01 18:30:48 | 010,717,128 | ---- | M] () -- C:\Program Files\TeXstudio\texstudio.exe
MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/06/24 18:48:54 | 000,259,072 | ---- | M] () -- C:\Program Files\TeXstudio\liblcms2.dll
MOD - [2013/06/24 18:48:54 | 000,080,896 | ---- | M] () -- C:\Program Files\TeXstudio\libz.dll
MOD - [2013/06/24 18:48:18 | 002,020,352 | ---- | M] () -- C:\Program Files\TeXstudio\libpoppler.dll
MOD - [2013/06/24 18:48:16 | 000,409,600 | ---- | M] () -- C:\Program Files\TeXstudio\libpoppler-qt4.dll
MOD - [2013/06/24 18:48:16 | 000,260,096 | ---- | M] () -- C:\Program Files\TeXstudio\libcurl.dll
MOD - [2013/06/24 18:48:00 | 000,038,912 | ---- | M] () -- C:\Program Files\TeXstudio\libgcc_s_sjlj-1.dll
MOD - [2013/06/24 18:47:22 | 000,473,088 | ---- | M] () -- C:\Program Files\TeXstudio\libfreetype.dll
MOD - [2013/06/24 18:47:22 | 000,318,464 | ---- | M] () -- C:\Program Files\TeXstudio\libtiff3.dll
MOD - [2013/06/24 18:47:10 | 000,199,168 | ---- | M] () -- C:\Program Files\TeXstudio\libjpeg.dll
MOD - [2013/06/24 18:47:06 | 000,153,600 | ---- | M] () -- C:\Program Files\TeXstudio\libpng15.dll
MOD - [2013/06/24 18:47:06 | 000,125,952 | ---- | M] () -- C:\Program Files\TeXstudio\libopenjpeg.dll
MOD - [2013/05/10 15:57:44 | 000,305,728 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
MOD - [2012/07/28 04:51:52 | 006,549,432 | ---- | M] () -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\authplay.dll
MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/04/18 02:09:16 | 000,108,032 | ---- | M] () -- C:\Program Files\TeXstudio\libgcc_s_dw2-1.dll
MOD - [2009/01/11 04:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\TeXstudio\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/19 02:38:25 | 000,766,040 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2014/02/21 23:04:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/06 21:33:45 | 000,408,888 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2013/05/06 21:12:37 | 001,548,088 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2011/10/21 15:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011/04/15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/07/19 11:18:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/31 04:57:12 | 001,198,080 | ---- | M] (United Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\United Devices\mpagent\MPAGENT.EXE -- (mpagent)
SRV - [2002/10/04 04:02:32 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\urtclsvc.exe -- (urtclientservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Running] -- System32\drivers\WRkrn.sys -- (WRkrn)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2014/04/24 15:53:57 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/02 15:58:46 | 000,263,072 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2013/08/14 15:24:22 | 000,263,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2013/08/14 15:24:10 | 000,036,128 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2013/08/14 14:53:10 | 001,517,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2012/02/14 06:08:00 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/07/20 01:28:40 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/20 01:28:40 | 000,059,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/09/22 16:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/07/19 11:18:23 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2010/07/19 11:18:23 | 000,021,432 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - [2010/07/19 11:18:23 | 000,012,728 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2010/05/13 14:55:18 | 000,047,712 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\NPIdsVt.sys -- (NPIDS)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 08:15:00 | 009,788,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/23 13:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/06/22 11:04:24 | 000,202,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}
IE - HKCU\..\SearchScopes\{56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}: "URL" = http://www.google.co...1I7ADFA_enSG496
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {eaea6202-fd19-c776-c433-759de74b7e4d}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins:  File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/06/06 15:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/05 09:01:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/21 17:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/05 09:01:22 | 000,000,000 | ---D | M]
 
[2010/09/23 03:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Extensions
[2014/04/18 22:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions
[2014/02/17 15:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\staged
[2011/05/15 20:04:49 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]
[2011/05/15 20:08:26 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]
[2013/02/09 00:32:06 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\firefox\profiles\vwrpn3h1.default\extensions\[email protected]
[2012/06/28 15:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/15 00:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2012/08/18 02:11:40 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: nus.edu.sg ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.132.0.252 137.132.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stf.nus.edu.sg
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAA9E2B3-2338-4640-A43F-3A0CC84B359E}: DhcpNameServer = 137.132.0.252 137.132.0.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/11 17:41:58 | 000,000,000 | ---D | M] - I:\autocad-viewer -- [ NTFS ]
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell\AutoRun\command - "" = G:\INSTALL\READER\ACRORD32.EXE PDF/MAIN.PDF
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/24 19:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe
[2014/04/20 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\CrashDumps
[2014/04/19 02:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2014/04/19 01:18:26 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/19 00:56:06 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2014/04/19 00:56:06 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2014/04/19 00:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\VIPRE
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\VIPRE
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\VIPRE
[2014/04/18 22:26:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/18 22:25:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/04/18 21:53:57 | 000,000,000 | ---D | C] -- C:\Users\A0033498\Desktop\RK_Quarantine
[2014/04/12 23:48:31 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/12 23:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/12 23:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/12 14:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Aurora
[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora
[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora
[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/24 19:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe
[2014/04/24 19:09:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job
[2014/04/24 19:04:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/24 18:59:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 16:31:07 | 000,057,385 | ---- | M] () -- C:\Users\A0033498\Desktop\11383132255-285973481-ticket.pdf
[2014/04/24 15:53:57 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/24 03:59:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/24 00:37:07 | 000,008,966 | ---- | M] () -- C:\Windows\cfgall.ini
[2014/04/23 23:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job
[2014/04/21 12:34:09 | 000,785,712 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/04/21 12:34:09 | 000,736,996 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014/04/21 12:34:09 | 000,717,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/21 12:34:09 | 000,458,038 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2014/04/21 12:34:09 | 000,440,440 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2014/04/21 12:34:09 | 000,165,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/04/21 12:34:09 | 000,164,502 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014/04/21 12:34:09 | 000,145,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/21 12:34:09 | 000,143,148 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2014/04/21 12:34:09 | 000,137,914 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2014/04/19 01:14:03 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 01:14:03 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 01:07:27 | 000,001,000 | RHS- | M] () -- C:\Users\A0033498\ntuser.pol
[2014/04/19 01:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/18 21:53:30 | 003,972,608 | ---- | M] () -- C:\Users\A0033498\Desktop\RogueKiller.exe
[2014/04/13 00:32:56 | 003,970,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/13 00:16:14 | 000,181,272 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2014/04/12 20:29:43 | 000,000,036 | ---- | M] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache
[2014/04/12 20:24:26 | 000,332,728 | ---- | M] () -- C:\Users\A0033498\AppData\Local\census.cache
[2014/04/12 20:24:12 | 000,121,676 | ---- | M] () -- C:\Users\A0033498\AppData\Local\ars.cache
[2014/04/12 20:12:02 | 000,000,010 | ---- | M] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache
[2014/04/12 20:09:13 | 000,000,184 | ---- | M] () -- C:\Windows\hpbafd.ini
[2014/03/31 14:40:12 | 000,596,394 | ---- | M] () -- C:\Users\A0033498\Desktop\Radio-over-fiber systems.pdf
[2014/03/31 14:39:07 | 004,061,224 | ---- | M] () -- C:\Users\A0033498\Desktop\Hybrid Optical-Wireless Access Networks.pdf
[2014/03/31 14:36:43 | 000,734,336 | ---- | M] () -- C:\Users\A0033498\Desktop\Wireless signals transport schemes in fiber wireless systems.pdf
[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/24 16:31:07 | 000,057,385 | ---- | C] () -- C:\Users\A0033498\Desktop\11383132255-285973481-ticket.pdf
[2014/04/18 21:53:27 | 003,972,608 | ---- | C] () -- C:\Users\A0033498\Desktop\RogueKiller.exe
[2014/04/12 20:24:26 | 000,332,728 | ---- | C] () -- C:\Users\A0033498\AppData\Local\census.cache
[2014/04/12 20:24:12 | 000,121,676 | ---- | C] () -- C:\Users\A0033498\AppData\Local\ars.cache
[2014/04/12 20:12:02 | 000,000,010 | ---- | C] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache
[2014/04/12 20:05:19 | 000,000,036 | ---- | C] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache
[2014/03/31 14:40:12 | 000,596,394 | ---- | C] () -- C:\Users\A0033498\Desktop\Radio-over-fiber systems.pdf
[2014/03/31 14:39:07 | 004,061,224 | ---- | C] () -- C:\Users\A0033498\Desktop\Hybrid Optical-Wireless Access Networks.pdf
[2014/03/31 14:36:43 | 000,734,336 | ---- | C] () -- C:\Users\A0033498\Desktop\Wireless signals transport schemes in fiber wireless systems.pdf
[2014/02/24 14:56:47 | 000,005,472 | ---- | C] () -- C:\Users\A0033498\AppData\Local\recently-used.xbel
[2014/02/22 18:20:32 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2014/02/18 00:29:18 | 000,000,086 | ---- | C] () -- C:\Users\A0033498\gsview32.ini
[2013/06/28 10:47:41 | 000,004,096 | -H-- | C] () -- C:\Users\A0033498\AppData\Local\keyfile3.drm
[2013/02/26 10:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/10/18 20:46:01 | 000,004,830 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\LTspiceIV.ini
[2012/09/25 18:45:35 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI
[2012/09/25 18:45:34 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI
[2012/09/25 18:45:34 | 000,000,817 | ---- | C] () -- C:\Windows\CFX.INI
[2012/09/25 18:45:34 | 000,000,144 | ---- | C] () -- C:\Windows\FifX_v2.INI
[2012/08/16 17:27:13 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Local\PUTTY.RND
[2012/07/21 00:11:58 | 000,181,272 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/05/29 12:28:06 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/05/03 09:54:01 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\winscp.rnd
[2011/06/29 10:24:57 | 000,007,602 | ---- | C] () -- C:\Users\A0033498\AppData\Local\Resmon.ResmonCfg
[2010/08/10 15:49:54 | 000,001,000 | RHS- | C] () -- C:\Users\A0033498\ntuser.pol
[2009/11/18 14:49:13 | 000,011,733 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/02/18 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\BitComet
[2013/11/27 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/08 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/22 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Design Science
[2010/10/12 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Downloaded Installations
[2014/04/23 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Dropbox
[2013/11/29 00:23:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\EndNote
[2012/10/08 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Eyes Relax
[2011/12/05 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\FileOpen
[2012/05/29 11:45:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Foxit Software
[2014/02/27 12:54:18 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\inkscape
[2012/11/09 11:02:49 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\JAM Software
[2012/08/18 02:09:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Juniper Networks
[2013/12/20 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\l2rshell
[2013/10/31 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\LibreOffice
[2010/10/12 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Nitro PDF
[2014/01/29 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Notepad++
[2012/06/27 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PDF reDirect
[2012/05/29 12:32:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PrimoPDF
[2014/01/11 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Publish or Perish
[2012/09/25 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Softinterface, Inc
[2013/01/02 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\SSH
[2012/09/19 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\System
[2014/04/04 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\texstudio
[2014/04/19 00:55:53 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\VIPRE
[2012/08/13 20:35:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows Live Writer
[2010/08/15 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows SideBar
[2013/10/31 01:30:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\WordKutools
[2013/11/23 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5B811727
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >


Edited by adai2020, 24 April 2014 - 06:53 AM.

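The OTL report above lists every file created or modified in the last 30 days in one fixed line shape: `[date time | size | attribute flags | C or M] (Company) -- path`, with the company part missing for directories and empty `()` when the file carries no publisher information. The following is an added example, not code from the thread, from OTL's author or from any of the tools named here: a small Python parser for those entries and for the `@Alternate Data Stream` lines, plus a triage pass that surfaces executables the log lists without a company name or with hidden+system attributes, weighting those under `C:\Windows` higher. The extension list, the severity labels and the rules themselves are this example's assumptions, and its output is a list of entries for a human to check, not a verdict (in the log above, `RegBootClean.exe` and `Primomonnt.dll` would be listed only because OTL recorded no publisher for them). The sample lines are copied from the log above, with one clearly named constructed line added so that the hidden+system rule has something to fire on.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder entry, e.g.
#   [2014/04/24 19:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\OTL.exe
# "(Company)" is absent for directories and empty "()" when OTL found no company name.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL's alternate data stream line, e.g.
#   @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5B811727
OTL_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumptions of this example, not OTL's own rules.
EXECUTABLE_EXT = (".exe", ".sys", ".dll", ".scr", ".cpl")
SYSTEM_PREFIX = "c:\\windows\\"


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int               # bytes, OTL's thousands separators removed
    attrs: str              # flag positions R(ead-only) H(idden) S(ystem) D(irectory), "-" if unset
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None for directories, "" when OTL recorded no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXECUTABLE_EXT)


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every bracketed file/folder line; section headers, blank lines and
    the "[1 ... *.tmp files -> ...]" summary lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def parse_ads(text: str) -> List[Tuple[int, str]]:
    """Return (size, path) for each alternate data stream line."""
    matches = (OTL_ADS.match(line.strip()) for line in text.splitlines())
    return [(int(m["size"]), m["path"]) for m in matches if m]


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, path) for executables a human should look at.
    A missing company name only means the file has no publisher information in
    its version resource, so these are review prompts, not detections."""
    findings = []
    for e in entries:
        if e.is_directory or not e.is_executable:
            continue
        reasons = []
        if e.company == "":
            reasons.append("executable with no company name")
        if e.hidden_system:
            reasons.append("executable with hidden+system attributes")
        if reasons:
            in_system_dir = e.path.lower().startswith(SYSTEM_PREFIX)
            severity = "high" if (in_system_dir or e.hidden_system) else "review"
            findings.append((severity, "; ".join(reasons), e.path))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus one constructed
# line (constructed-example.exe) that is not from the log.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2014/04/24 19:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe
[2014/04/20 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\CrashDumps
[2014/04/19 00:56:06 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2014/04/13 00:16:14 | 000,181,272 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2012/05/29 12:28:06 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2014/04/18 21:53:27 | 003,972,608 | ---- | C] () -- C:\Users\A0033498\Desktop\RogueKiller.exe
[2010/08/10 15:49:54 | 000,001,000 | RHS- | C] () -- C:\Users\A0033498\ntuser.pol
[2014/04/20 03:12:00 | 000,040,960 | -HS- | C] () -- C:\Users\A0033498\AppData\Local\Temp\constructed-example.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5B811727
"""

if __name__ == "__main__":
    parsed = parse_otl_entries(SAMPLE_LOG)
    for severity, reason, path in triage(parsed):
        print(f"{severity:6} {reason}: {path}")
    for size, path in parse_ads(SAMPLE_LOG):
        print(f"ads    {size} bytes: {path}")
```

Run it against a whole pasted OTL log and the triage list is what to hand to a helper first; a hit against a known product (here the PrimoPDF port monitor DLL and the RegBootClean utility) is confirmed by checking the file's signature and install history, not by the flag alone.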
#2
godawgs (Teacher, Retired Staff, 8,228 posts)

Hello adai2020, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I need to ask a couple of questions:

1. Do you still need assistance?
2. Is this a work computer? I ask because it has TrendMicro OfficeScan installed. This program is mainly used by businesses.
 



#3
adai2020 (Topic Starter, Member, 66 posts)

Dear godawgs,

Thanks for your assistance.

1. Unfortunately, yes. I still do need help. Even after the use of tools such as RogueKiller and others, the computer just seems to freeze every now and then.

2. Yes, this is the computer that I am allocated for work at my institution. I am also given complete administrative rights on this computer, to facilitate the management of tools/software needed for work.

Thanks,

Adai.


Edited by adai2020, 27 April 2014 - 01:09 PM.


#4
godawgs (Teacher, Retired Staff, 8,228 posts)

Hi,
From our Terms of Use:

3. Geeks to Go Support Forum Rules, Policies and Disclaimers

b. We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

Having said that, we are willing to help if the company is small and doesn't have a formal IT department, as long as management is aware that we are working on their computer and gives us the ok.

Please let me know what your situation is and we will take it from there.



#5
adai2020 (Topic Starter, Member, 66 posts)

Dear godawgs,

Sorry about not realizing the terms of use.

We do have an IT department, but they will not tend to individual issues/computers such as mine. They will be happy as long as the computer remains usable and, in the worst case, they will simply instruct a complete re-installation of Windows. All problems related to the computer are my own problem as long as I am using it.

Even if you are unable to help, I understand, and thanks for the offer of help.



#6
godawgs (Teacher, Retired Staff, 8,228 posts)

Hi adai2020,

If it is your responsibility to clean the computer up we will be happy to help.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: ).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox, check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Farbar Recovery Scan

A. Download the Tool

  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now (32bit Version) button and save it to your desktop.

B. Run the Tool
Close all open windows and browsers.

  • Right click the FRST.exe file and click Run as Administrator to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The FRST.txt log
2. The Addition.txt log



#7
adai2020 (Topic Starter, Member, 66 posts)

Dear godawgs,

Prior to receiving your previous reply (post #6), I had used AdwCleaner and Junkware Removal Tool (JRT). The computer then became more responsive to user inputs, and had fewer freezing incidents. In the past, the computer normally speeds up just after a scan by an antivirus tool, only to become sluggish again in the following days. Although the computer now feels more responsive, I am cautious and am not sure whether all viruses/malware have been removed. I deleted all manually downloaded anti-virus/anti-malware tools to prevent cluttering of the desktop and to prevent any clash with TrendMicro OfficeScan. This is to let you know what I have done prior to starting your help procedure.

Since receiving your previous reply (post #6) and starting the help procedure, I have not run or installed any anti-virus/anti-malware tools besides those in your instructions. I have attached the two logs below. I will not install tools or run scans hereafter without your instruction, so as not to cause any confusion.

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014

Ran by a0033498 (administrator) on U715025-PC on 29-04-2014 21:18:50

Running from C:\Users\A0033498\Desktop

Microsoft Windows 7 Enterprise (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Design Science, Inc.) C:\Program Files\MathType\MathType.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Dropbox, Inc.) C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1105744 2011-08-29] (Trend Micro Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-12] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Google Update] => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-30] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\MountPoints2: {23dc31f1-c451-11df-9893-0025110a65b4} - F:\LaunchU3.exe -a

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\MountPoints2: {619b8cd6-3baa-11e2-bdb2-0025110a65b4} - G:\INSTALL\READER\ACRORD32.EXE PDF/MAIN.PDF

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\MountPoints2: {bd425607-b105-11df-bd45-0025110a65b4} - F:\LaunchU3.exe -a

Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 137.132.0.252 137.132.0.254

FireFox:

========

FF ProfilePath: C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default

FF Homepage: www.google.com

FF SelectedSearchEngine: Google

FF NewTab: about:blank

FF DefaultSearchEngine: Google

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @softforum.com/npKeyPro - C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Zotero - C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default\Extensions\[email protected] [2011-05-15]

FF Extension: Zotero WinWord Integration - C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default\Extensions\[email protected] [2011-05-15]

FF Extension: Torntv - C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default\Extensions\[email protected] [2013-02-09]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext

FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009-11-18]

FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-06]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-06]

Chrome:

=======

CHR DefaultSearchKeyword: google.com.sg

CHR Extension: (Google Docs) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]

CHR Extension: (Google Drive) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]

CHR Extension: (YouTube) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]

CHR Extension: (Google Search) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]

CHR Extension: (Google Wallet) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]

CHR Extension: (Gmail) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

CHR StartMenuInternet: Google Chrome - C:\Users\A0033498\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1548088 2013-05-06] (Symantec Corporation)

S4 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408888 2013-05-06] (Symantec Corporation)

S4 mpagent; C:\Program Files\United Devices\mpagent\MPAGENT.EXE [1198080 2007-01-31] (United Devices, Inc.)

S4 nPStarterSVC; C:\Windows\system32\nPStarterSVC.exe [250145 2010-07-19] (INCA Internet Co., Ltd.)

R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1900904 2011-08-26] (Trend Micro Inc.)

R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-16] (Trend Micro Inc.)

R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1828032 2011-08-26] (Trend Micro Inc.)

S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689680 2011-04-15] (Trend Micro Inc.)

S4 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)

S4 urtclientservice; C:\Windows\System32\urtclsvc.exe [118784 2002-10-04] ()

==================== Drivers (Whitelisted) ====================

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-02-14] (GFI Software)

U0 jlnjhhis; C:\Windows\System32\drivers\jawpjm.sys [52440 2014-04-25] (Malwarebytes Corporation)

S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [21432 2010-07-19] (SoftForum Corporation)

R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [12728 2010-07-19] (SoftForum Corporation)

S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2010-07-19] (Kings Information & Network)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-26] (Malwarebytes Corporation)

S3 NPIDS; C:\Windows\system32\NpIdsVt.sys [47712 2010-05-13] (INCA Internet Co., Ltd.)

S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [68368 2011-07-20] (Trend Micro Inc.)

R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)

R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [59152 2011-07-20] (Trend Micro Inc.)

R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-12-07] (Trend Micro Inc.)

R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

S2 adfs; No ImagePath

S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 NVHDA; system32\drivers\nvhda32v.sys [X]

U3 mbr; \??\C:\Users\A0033498\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2014-04-29 21:18 - 2014-04-29 21:19 - 00017127 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-04-29 21:18 - 2014-04-29 21:18 - 00000000 ____D () C:\FRST

2014-04-29 21:12 - 2014-04-29 21:12 - 00000790 _____ () C:\Users\A0033498\Desktop\New Text Document.txt

2014-04-29 21:09 - 2014-04-29 21:10 - 01049600 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-04-25 18:00 - 2014-04-25 18:00 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jawpjm.sys

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 22:44 - 2014-04-23 14:25 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-04-19 00:56 - 2012-08-04 01:22 - 00044424 _____ (GFI Software) C:\Windows\system32\sbbd.exe

2014-04-19 00:56 - 2012-02-14 06:08 - 00013560 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys

2014-04-19 00:55 - 2014-04-19 00:55 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\VIPRE

2014-04-19 00:55 - 2014-04-19 00:55 - 00000000 ____D () C:\Users\A0033498\AppData\Local\VIPRE

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-18 22:25 - 2014-04-26 17:29 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-12 23:48 - 2014-04-26 23:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 20:05 - 2014-04-12 20:29 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:50 - 2014-04-29 13:00 - 00510262 ____N () C:\Windows\WindowsUpdate.log

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

==================== One Month Modified Files and Folders =======

2014-04-29 21:19 - 2014-04-29 21:18 - 00017127 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-04-29 21:18 - 2014-04-29 21:18 - 00000000 ____D () C:\FRST

2014-04-29 21:12 - 2014-04-29 21:12 - 00000790 _____ () C:\Users\A0033498\Desktop\New Text Document.txt

2014-04-29 21:10 - 2014-04-29 21:09 - 01049600 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-04-29 21:09 - 2010-08-30 16:34 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

2014-04-29 21:05 - 2010-08-12 13:29 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Dropbox

2014-04-29 21:04 - 2012-08-12 17:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-29 21:01 - 2010-08-12 13:31 - 00000000 ___RD () C:\Users\A0033498\Desktop\My Dropbox

2014-04-29 20:59 - 2012-08-12 17:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-29 20:51 - 2013-10-17 21:02 - 00000000 ____D () C:\Users\A0033498\Desktop\Career

2014-04-29 20:49 - 2010-08-15 17:21 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Skype

2014-04-29 20:28 - 2009-11-18 15:05 - 09994248 _____ () C:\Windows\system32\TmInstall.log

2014-04-29 20:28 - 2009-11-18 15:05 - 00008966 _____ () C:\Windows\cfgall.ini

2014-04-29 20:24 - 2009-11-18 14:47 - 00004712 _____ () C:\Windows\system32\config\netlogon.ftl

2014-04-29 14:37 - 2012-02-26 16:20 - 05243071 _____ () C:\Users\A0033498\AppData\Local\OfflineVaultPH.log

2014-04-29 13:00 - 2014-04-12 14:50 - 00510262 ____N () C:\Windows\WindowsUpdate.log

2014-04-29 09:42 - 2009-11-18 17:41 - 00458038 _____ () C:\Windows\system32\perfh011.dat

2014-04-29 09:42 - 2009-11-18 17:41 - 00137914 _____ () C:\Windows\system32\perfc011.dat

2014-04-29 09:42 - 2009-11-18 13:29 - 00440440 _____ () C:\Windows\system32\prfh0804.dat

2014-04-29 09:42 - 2009-11-18 13:29 - 00143148 _____ () C:\Windows\system32\prfc0804.dat

2014-04-29 09:42 - 2009-11-18 12:42 - 03823894 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-29 03:59 - 2012-08-12 17:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-28 23:09 - 2010-08-30 16:34 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

2014-04-27 22:58 - 2013-11-22 15:38 - 00000000 ____D () C:\Users\A0033498\Desktop\Resume

2014-04-26 23:49 - 2010-09-08 00:06 - 00000000 ____D () C:\Users\A0033498\Desktop\NUS Graduate Affairs

2014-04-26 23:24 - 2014-04-12 23:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-26 17:29 - 2014-04-18 22:25 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-25 21:59 - 2014-03-11 00:53 - 00000000 ____D () C:\Users\A0033498\Desktop\Visio diagrams

2014-04-25 20:51 - 2009-11-18 14:49 - 00011757 __RSH () C:\ProgramData\ntuser.pol

2014-04-25 18:00 - 2014-04-25 18:00 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jawpjm.sys

2014-04-25 00:08 - 2010-08-17 10:55 - 00000180 _____ () C:\Windows\hpbafd.ini

2014-04-24 20:45 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-24 20:45 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:41 - 2010-08-15 17:20 - 00000000 ____D () C:\ProgramData\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:40 - 2010-08-15 17:20 - 00000000 ___RD () C:\Program Files\Skype

2014-04-24 20:12 - 2010-08-10 15:49 - 00001000 __RSH () C:\Users\A0033498\ntuser.pol

2014-04-24 20:12 - 2010-08-10 15:49 - 00000000 ____D () C:\Users\A0033498

2014-04-24 20:11 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 19:31 - 2009-11-18 16:10 - 00000000 ____D () C:\Program Files\Adobe

2014-04-23 14:25 - 2014-04-20 22:44 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-04-20 13:58 - 2011-04-16 13:04 - 00000000 ____D () C:\Users\A0033498\Desktop\OriginLab85 User Files

2014-04-19 16:53 - 2010-10-01 18:06 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Windows Live

2014-04-19 00:55 - 2014-04-19 00:55 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\VIPRE

2014-04-19 00:55 - 2014-04-19 00:55 - 00000000 ____D () C:\Users\A0033498\AppData\Local\VIPRE

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-15 18:21 - 2010-09-20 12:51 - 00000000 ____D () C:\Users\A0033498\Documents\EndNote X4

2014-04-13 00:32 - 2009-11-18 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-04-13 00:32 - 2009-07-14 12:33 - 03970104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-13 00:16 - 2012-07-21 00:11 - 00181272 _____ () C:\Windows\RegBootClean.exe

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:29 - 2014-04-12 20:05 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 17:52 - 2011-01-28 05:43 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Microsoft Help

2014-04-12 15:16 - 2010-10-11 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:54 - 2010-08-10 15:49 - 00139752 _____ () C:\Users\A0033498\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 01:48 - 2013-02-18 20:01 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1

2014-04-04 13:04 - 2014-02-27 14:19 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\texstudio

2014-04-04 09:54 - 2010-10-08 14:11 - 00000000 ____D () C:\Users\A0033498\Desktop\Textbooks

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe

[2009-11-18 13:20] - [2009-08-03 13:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-04-29 00:43

==================== End Of Log ============================


Addition.txt log


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2014

Ran by a0033498 at 2014-04-29 21:19:37

Running from C:\Users\A0033498\Desktop

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}

AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)

2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft) Hidden

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden

Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.7 - Adobe Systems)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Creative Suite 5.5 Web Premium (HKLM\...\{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}) (Version: 5.5 - Adobe Systems Incorporated)

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)

Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe Reader 9.2 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)

Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)

Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden

Altiris Inventory Agent (Version: 7.1.7867.0 - Altiris Inc.) Hidden

Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

Aurora (HKLM\...\Aurora) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 2.36 - Piriform)

ClientKeeper KeyPro with E2E for 32bit (HKLM\...\XecureCK) (Version: - SoftForum Co. Ltd.)

CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815i.50 - CyberLink Corp.)

CyberLink PowerDVD 8 (Version: 8.0.2815i.50 - CyberLink Corp.) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)

Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

EndNote X4 (HKLM\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)

EqualX version 0.5.1 (HKLM\...\{50D87D68-FC2B-4CE9-9A75-7250959AB1BF}_is1) (Version: 0.5.1 - Mihai Niculescu <[email protected]gmail.com>)

FileOpen Client (HKLM\...\{E21115EF-2B96-44F2-83CB-6347E017AC5F}) (Version: 3.0.67.914 - FileOpen Systems, Inc.)

Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Harzing's Publish or Perish 4.5.0.5120 (HKLM\...\{5676F50B-9B69-415A-ACB5-E591BF48D282}) (Version: 4.5.0.5120 - Tarma Software Research Pty Ltd)

Identity Card (HKLM\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)

ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden

Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)

Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )

JabRef 2.9.2 (HKLM\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)

Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.5.14305 - Juniper Networks, Inc.)

Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

LTspice IV (HKLM\...\LTspice IV) (Version: - )

Mathematica Extras 8.0 (2615434) (HKLM\...\A-WIN-Extras 8.0.4 2615434_is1) (Version: 8.0.4 - Wolfram Research, Inc.)

MathType 6 (HKLM\...\DSMT6) (Version: 6.8 - Design Science, Inc.)

MATLAB R2010b (HKLM\...\MatlabR2010b) (Version: 7.11 - The MathWorks, Inc.)

MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Camera Codec Pack (HKLM\...\{F55AF1BB-B493-4D78-80DA-828958B9098C}) (Version: 16.4.1734.1104 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Communicator 2007 R2 (HKLM\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.56 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden

MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)

Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 4.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 4.0.1 (x86 en-GB)) (Version: 4.0.1 - Mozilla)

MP Agent (HKLM\...\{6A0A4233-5562-4B00-A85A-6F6382D99E2D}) (Version: 5.4.0.4202 - United Devices)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)

neroxml (Version: 1.0.0 - Nero AG) Hidden

Notepad++ (HKLM\...\Notepad++) (Version: 5.9.3 - )

nProtect Netizen SVC (remove only) (HKLM\...\npn5) (Version: - )

NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)

NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

Orcad Family Release 9.2 Standalone (HKLM\...\Orcad Family Release 9.2 Standalone) (Version: - )

Origin8 (Version: 8.00.000 - OriginLab) Hidden

Origin85 (Version: 8.50.000 - OriginLab) Hidden

OriginPro 8 (HKLM\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)

OriginPro 8.5 (HKLM\...\{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}) (Version: 8.5 - OriginLab Corporation)

PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)

PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)

QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)

RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)

ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version: - )

Screen Capturer (HKLM\...\Screen Capturer) (Version: 1.0.4.42 - ScreenCapturer.com)

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Software Catalogue Client 1.2 (HKLM\...\Software Catalogue Client 1.2_is1) (Version: - )

Software Management Solution Plugin (Version: 7.1.7858.0 - Altiris Inc.) Hidden

SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )

Symantec Enterprise Vault HTTP-only Outlook Add-In (HKLM\...\{E39FF2F6-AE40-4B2F-AC51-5F3EB4971E93}) (Version: 10.0.1316 - Symantec Corporation)

SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)

TeXstudio 2.6.6 (HKLM\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)

TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)

Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6 - Trend Micro)

TurboVNC 0.6 (HKLM\...\TurboVNC_is1) (Version: 0.6 - The VirtualGL Project)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2202188) (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2523113) (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

VeraPort (보안모듈관리 프로그램) (HKLM\...\VeraPort) (Version: - )

WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)

Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

Wolfram Mathematica 8 (M-WIN-T 8.0.4 2615567) (HKLM\...\M-WIN-T 8.0.4 2615567_is1) (Version: 8.0.4 - Wolfram Research, Inc.)

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Restore Points =========================

 

==================== Hosts content: ==========================

2009-07-14 10:04 - 2012-08-18 02:11 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F1E20E1-77E0-48FF-88AD-41D4890F3BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-12] (Google Inc.)

Task: {308F1C18-F611-4A51-80D6-CD089217A923} - System32\Tasks\AdobeAAMUpdater-1.0-NUSSTU-a0033498 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

Task: {358BA26D-B6C7-497F-8B8A-77F10CB07807} - System32\Tasks\{18081BB7-8F93-4F70-97A5-E7155FCAAB38} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)

Task: {370FF5EF-F0E3-487C-876D-860BBB894D5A} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()

Task: {3A006376-CA54-4A7A-B999-BEF6B6C0CCBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)

Task: {5D48160C-4F74-4A8A-9869-9CCC10997CE1} - System32\Tasks\{1553D61B-E9C8-4587-B13A-0F03BB30B7BE} => Iexplore.exe http://ui.skype.com/...;toolbaroffered

Task: {6A69C237-9487-4FB2-816F-32C519DBD6AD} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()

Task: {7943288A-8C45-40D3-9B20-AE01BE2DB86D} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)

Task: {CFCDD4BF-CC26-446F-B636-008E109F8481} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {DAB8CF73-CFAF-4FA2-9F63-9B78702BD2FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {EDF9D27C-11A0-4643-BD15-34DD8FA47FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-12] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 22:20 - 2010-06-06 22:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll

2012-05-29 12:28 - 2011-03-01 06:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll

2013-05-23 21:52 - 2011-04-01 10:53 - 00499712 _____ () C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll

2011-07-19 05:04 - 2011-07-19 05:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll

2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\A0033498\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\ProgramData\Temp:5B811727

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: AeXNSClient => 2

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AltirisAgentProvider => 3

MSCONFIG\Services: AppIDSvc => 3

MSCONFIG\Services: AppMgmt => 3

MSCONFIG\Services: aspnet_state => 3

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BFE => 2

MSCONFIG\Services: BITS => 3

MSCONFIG\Services: dot3svc => 3

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: EapHost => 3

MSCONFIG\Services: EFS => 2

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 2

MSCONFIG\Services: FileOpenManagerSvc => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IAANTMON => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: nlsX86cc => 2

MSCONFIG\Services: nPStarterSVC => 2

MSCONFIG\Services: ntrtscan => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: TMBMServer => 3

MSCONFIG\Services: tmlisten => 2

MSCONFIG\Services: TmProxy => 3

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: urtclientservice => 2

MSCONFIG\startupfolder: C:^Users^A0033498^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Outlook 2007.lnk => C:\Windows\pss\Microsoft Office Outlook 2007.lnk.Startup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

MSCONFIG\startupreg: FileOpenBroker => C:\Program Files\FileOpen\Services\FileOpenBroker32.exe

MSCONFIG\startupreg: Google Update => "C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

MSCONFIG\startupreg: OfficeScanNT Monitor => "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SkyDrive => "C:\Users\A0033498\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: tsiVideo => rundll32.exe C:\Users\A0033498\AppData\Local\Temp\\mdi264.dll,runme

MSCONFIG\startupreg: VueMinder => "C:\Program Files\VueSoft\VueMinder\VueMinder.exe" 1

==================== Faulty Device Manager Devices =============

Name: adfs

Description: adfs

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: adfs

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse

Description: Microsoft PS/2 Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears. Remove the device, and this error should be resolved.

 

==================== Event log errors: =========================

Application errors:

==================

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {fc7ba8d9-45d7-4c98-9a62-5879eb7f5ea2}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {fc7ba8d9-45d7-4c98-9a62-5879eb7f5ea2}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}

Writer Name: ASR Writer

Writer Instance ID: {f8f65c14-76e1-4cb3-916b-0dcb956f3646}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}

Writer Name: ASR Writer

Writer Instance ID: {f8f65c14-76e1-4cb3-916b-0dcb956f3646}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

was encountered while trying to initialize the Registry Writer. This may cause

future shadow-copy creations to fail.

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Name: COM+ REGDB Writer

Writer Instance ID: {1c95efb9-8b61-437e-a7ca-c06e2fb1a3b3}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Name: COM+ REGDB Writer

Writer Instance ID: {1c95efb9-8b61-437e-a7ca-c06e2fb1a3b3}

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

was encountered while trying to initialize the Registry Writer. This may cause

future shadow-copy creations to fail.

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

.

Error: (04/29/2014 09:19:40 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

Operation:

Subscribing Writer

Context:

Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

Writer Name: Registry Writer

Writer Instance ID: {fdde874d-7ea4-4a0f-a62e-6612ab4150cd}

 

System errors:

=============

Error: (04/29/2014 02:37:43 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 02:27:54 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 01:25:21 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 01:20:42 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 01:15:09 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 00:44:34 PM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 11:03:04 AM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

Error: (04/29/2014 11:03:04 AM) (Source: DCOM) (User: )

Description: 1068BITS{6D18AD12-BDE3-4393-B311-099C346E6DF9}

Error: (04/29/2014 09:57:48 AM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/29/2014 09:53:41 AM) (Source: Service Control Manager) (User: )

Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

%%1058

 

Microsoft Office Sessions:

=========================

Error: (04/12/2014 02:35:05 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/23/2013 10:34:43 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/17/2013 04:32:17 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/17/2013 04:30:15 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/17/2013 04:27:50 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/17/2013 04:27:07 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24800 seconds with 9300 seconds of active time. This session ended with a crash.

Error: (09/15/2013 07:40:49 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/09/2013 03:49:49 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/25/2013 07:55:14 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/22/2013 01:47:45 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

 

CodeIntegrity Errors:

===================================

Date: 2014-04-25 14:00:07.820

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-25 14:00:07.720

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-04-25 00:08:30.172

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-25 00:08:29.943

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 05:07:04.982

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 05:07:04.910

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 04:29:08.959

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 04:29:08.862

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 02:55:58.081

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 02:55:57.891

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 3070.13 MB

Available physical RAM: 2054.93 MB

Total Pagefile: 6627.6 MB

Available Pagefile: 5173.54 MB

Total Virtual: 3071.88 MB

Available Virtual: 2920.19 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:225.33 GB) (Free:112.35 GB) NTFS

Drive d: (DATA) (Fixed) (Total:225.33 GB) (Free:40.51 GB) NTFS

Drive i: (184) (Network) (Total:1378.64 GB) (Free:259.16 GB) NTFS

Drive u: (135) (Network) (Total:4 GB) (Free:3.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 289353E3)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=225 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the logs. In addition to the TrendMicro antivirus I see that Webroot or Vipre antivirus was installed on the machine on 04/19/2014. I don't see it in the list of installed programs so it has probably been uninstalled but there are residual files still on the system.
I want to run the Webroot Uninstall tool and then get a fresh OTL scan and see if anything is left.


Step-1.

Download and Run the Webroot Uninstall Tool

Click here to download the Webroot Uninstall Tool and save it to the desktop.

A.
Make a Fresh Restore Point

  • Click the Start Orb. Right click Computer and click Properties
  • In the left column under Tasks, click System Protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection Tab.
  • In the Available Disks section put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    • In Windows 7 it will be named Protection Settings. Make sure the protection is On for Local Disk (?) (System).
    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • A System Protection window will open.
  • Type in a name for the restore point, i.e: Before Webroot Uninstall and click Create
  • The System Protection window will tell you a Restore Point is being created.
  • The System Protection window will then tell you the Restore Point was created successfully. Click OK
  • Click OK again.
  • Close the Control Panel

B.
Reboot into Safe Mode.

  • Restart Windows in Safe Mode. To do that....
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.

Windows 7 Advanced Boot Options menu (screenshot)

C.

  • Double-click on the Webroot Upgrade/Cleanup tool WRUpgradeTool.exe to run, and follow the prompts to start the uninstall process.
  • The cleanup tool is finished when the last line reads "Removal procedures have been completed." At this point you can click the Close button. If prompted by a dialog box that reads "To complete the cleanup process, you must reboot this computer. Click OK to reboot," please restart your computer now by clicking on the OK button.

Step-2.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:

  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcs.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C

2. Re-open OTL on the desktop. To do that:

  • Vista / 7 Users: Right click on the icon and click Run as Administrator

Make sure all other windows are closed.

  • You will see the OTL console.
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the WebRoot Uninstall tool ran successfully.
2. The new OTL.txt log


  • 0
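The OTL.txt produced by the scan above lists one record per line (PRC, MOD, SRV and DRV entries, each with OTL's bracketed date/size/attribute block, the company from the file's version info, and for services and drivers the start type and state). As an added example, not part of the original post or of the OTL tool, here is a small Python parser for those records together with the first-pass triage a helper applies to a posted log: "File not found" entries that are orphaned registry references, services and drivers with no company name, and programs running from user-writable paths. The sample lines are constructed, modelled on the log posted later in this thread with the user name replaced by a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Added example, not OTL's own code: parse PRC/MOD/SRV/DRV records from an
# OTL.txt log and apply the first-pass checks a helper otherwise does by eye.

LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    # Either the [date | size | attrs | M] block followed by (Company) ...
    r"(?:\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    # ... or OTL's marker for a registry entry whose file no longer exists.
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]+)\])?"  # SRV: [start | state]; DRV: [type | start | state]
    r" -- (?P<path>.*?)\s*(?:--\s*\((?P<name>[^)]*)\))?$"
)

# Constructed sample in OTL's format (placeholder user name, not a real machine).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2014/05/01 00:30:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
SRV - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2002/10/04 04:02:32 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\urtclsvc.exe -- (urtclientservice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/09/02 15:58:46 | 000,263,072 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
"""


@dataclass
class OtlRecord:
    kind: str            # PRC, MOD, SRV or DRV
    path: str            # as printed by OTL; empty for an orphaned entry with no path
    company: str         # '' when OTL printed "()" (no company in version info)
    missing: bool        # True for "File not found" entries
    size: Optional[int]  # bytes; None when the file is missing
    start: str = ""      # Auto, On_Demand, Disabled, Boot, System (SRV/DRV only)
    state: str = ""      # Running or Stopped (SRV/DRV only)
    name: str = ""       # short service/driver name from the trailing (...)


def parse_record(line: str) -> Optional[OtlRecord]:
    """Parse one OTL log line; return None for headers, blanks and other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    start, state = (flags[-2], flags[-1]) if len(flags) >= 2 else ("", "")
    size = int(m.group("size").replace(",", "")) if m.group("size") else None
    return OtlRecord(
        kind=m.group("kind"),
        path=m.group("path"),
        company=(m.group("company") or "").strip(),
        missing=m.group("missing") is not None,
        size=size,
        start=start,
        state=state,
        name=m.group("name") or "",
    )


def parse_log(text: str) -> List[OtlRecord]:
    return [r for r in (parse_record(ln) for ln in text.splitlines()) if r]


# Locations a standard user can write to; code launched from here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def triage(records: Iterable[OtlRecord]) -> List[Tuple[str, OtlRecord]]:
    """First-pass findings a helper reviews before writing a fix script."""
    findings: List[Tuple[str, OtlRecord]] = []
    for r in records:
        if r.missing:
            # Registry still references a driver/service whose file is gone.
            findings.append(("orphaned entry", r))
        elif r.kind != "MOD" and not r.company:
            # A process, service or driver with no company name is unusual.
            findings.append(("no company name", r))
        if r.kind in ("PRC", "SRV") and any(s in r.path.lower() for s in USER_WRITABLE):
            findings.append(("runs from user-writable path", r))
    return findings


if __name__ == "__main__":
    for reason, rec in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:30} {rec.kind}  {rec.name or rec.path}")
```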

#9
adai2020

adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

I received an error at Step 1.A.7 ("Type in a name for the restore point, i.e. Before Webroot Uninstall and click Create").

After clicking Create, the following error window pops up:

System Protection

The restore point could not be created for the following reason:

A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. (0x80042302)

Please try again. 

Hence, I was not able to create a system restore point.


Edited by adai2020, 30 April 2014 - 05:32 AM.

  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Try the instructions one more time. If you still can't create the restore point let me know and we will remove what we see with an OTL fix :thumbsup:


  • 0


#11
adai2020

adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

Unfortunately, I encountered the same error and am unable to create a system restore point. I continued with the remainder of the steps without a system restore point.

 
1. The WebRoot uninstall tool ran successfully, with the last line reading "Removal procedures have been completed".

 
2. Attached is the OTL.txt log

OTL logfile created on: 1/5/2014 12:35:23 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A0033498\Desktop

Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.57% Memory free

4.95 Gb Paging File | 3.96 Gb Available in Paging File | 79.94% Paging File free

Paging file location(s): c:\pagefile.sys 1000 4000d:\pagef [Binary data over 200 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 225.33 Gb Total Space | 114.06 Gb Free Space | 50.62% Space Free | Partition Type: NTFS

Drive D: | 225.33 Gb Total Space | 40.51 Gb Free Space | 17.98% Space Free | Partition Type: NTFS

Drive H: | 4.00 Mb Total Space | 2.26 Mb Free Space | 56.40% Space Free | Partition Type: NTFS

Drive I: | 1378.64 Gb Total Space | 251.68 Gb Free Space | 18.26% Space Free | Partition Type: NTFS

Drive U: | 4.00 Gb Total Space | 3.99 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

 

Computer Name: U715025-PC | User Name: a0033498 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/05/01 00:30:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

PRC - [2014/02/21 22:04:06 | 000,841,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe

PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/05/23 19:29:02 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2013/01/04 10:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/08/29 03:23:20 | 001,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2014/02/21 23:04:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/06 21:33:45 | 000,408,888 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)

SRV - [2013/05/06 21:12:37 | 001,548,088 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)

SRV - [2011/10/21 15:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)

SRV - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)

SRV - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)

SRV - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2011/04/15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2010/07/19 11:18:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)

SRV - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)

SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2007/01/31 04:57:12 | 001,198,080 | ---- | M] (United Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\United Devices\mpagent\MPAGENT.EXE -- (mpagent)

SRV - [2002/10/04 04:02:32 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\urtclsvc.exe -- (urtclientservice)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)

DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)

DRV - [2014/04/26 23:24:51 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2013/09/02 15:58:46 | 000,263,072 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2013/08/14 15:24:22 | 000,263,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)

DRV - [2013/08/14 15:24:10 | 000,036,128 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2013/08/14 14:53:10 | 001,517,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)

DRV - [2012/02/14 06:08:00 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)

DRV - [2011/07/20 01:28:40 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2011/07/20 01:28:40 | 000,059,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/09/22 16:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)

DRV - [2010/07/19 11:18:23 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)

DRV - [2010/07/19 11:18:23 | 000,021,432 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)

DRV - [2010/07/19 11:18:23 | 000,012,728 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)

DRV - [2010/05/13 14:55:18 | 000,047,712 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\NPIdsVt.sys -- (NPIDS)

DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/14 08:15:00 | 009,788,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/06/23 13:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/06/22 11:04:24 | 000,202,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\..\SearchScopes,DefaultScope = {56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\..\SearchScopes\{56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}: "URL" = http://www.google.co...1I7ADFA_enSG496

IE - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {eaea6202-fd19-c776-c433-759de74b7e4d}:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)

FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: File not found

FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/06/06 15:30:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/05 09:01:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/21 17:05:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/05 09:01:22 | 000,000,000 | ---D | M]

 

[2010/09/23 03:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Extensions

[2014/04/24 20:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions

[2011/05/15 20:04:49 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]

[2011/05/15 20:08:26 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]

[2013/02/09 00:32:06 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\firefox\profiles\vwrpn3h1.default\extensions\[email protected]

[2012/06/28 15:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/15 00:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2012/08/18 02:11:40 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647

O7 - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\..Trusted Domains: nus.edu.sg ([]* in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.132.0.252 137.132.0.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stf.nus.edu.sg

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAA9E2B3-2338-4640-A43F-3A0CC84B359E}: DhcpNameServer = 137.132.0.252 137.132.0.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/11/11 17:41:58 | 000,000,000 | ---D | M] - I:\autocad-viewer -- [ NTFS ]

O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell - "" = AutoRun

O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell - "" = AutoRun

O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell\AutoRun\command - "" = G:\INSTALL\READER\ACRORD32.EXE PDF/MAIN.PDF

O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell - "" = AutoRun

O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

System Restore Service not available.

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/01 00:30:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

[2014/04/29 21:18:27 | 000,000,000 | ---D | C] -- C:\FRST

[2014/04/29 21:09:49 | 001,049,600 | ---- | C] (Farbar) -- C:\Users\A0033498\Desktop\FRST.exe

[2014/04/24 20:41:06 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\Skype

[2014/04/24 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2014/04/24 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2014/04/24 20:07:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/04/20 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\CrashDumps

[2014/04/19 00:56:06 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe

[2014/04/19 00:56:06 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys

[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\VIPRE

[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\VIPRE

[2014/04/18 22:26:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2014/04/18 22:25:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2014/04/12 23:48:31 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/04/12 23:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/04/12 14:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Aurora

[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/01 00:35:08 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/01 00:35:08 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/01 00:32:16 | 000,785,712 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2014/05/01 00:32:16 | 000,736,996 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2014/05/01 00:32:16 | 000,717,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/05/01 00:32:16 | 000,458,038 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2014/05/01 00:32:16 | 000,440,440 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2014/05/01 00:32:16 | 000,165,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2014/05/01 00:32:16 | 000,164,502 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2014/05/01 00:32:16 | 000,145,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/05/01 00:32:16 | 000,143,148 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2014/05/01 00:32:16 | 000,137,914 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2014/05/01 00:30:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

[2014/05/01 00:28:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/01 00:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/01 00:09:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

[2014/05/01 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/04/30 23:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/30 23:46:16 | 000,008,966 | ---- | M] () -- C:\Windows\cfgall.ini

[2014/04/30 23:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

[2014/04/30 18:48:09 | 000,018,829 | ---- | M] () -- C:\Users\A0033498\Desktop\SysProc.jpg

[2014/04/29 23:19:33 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2014/04/29 21:10:03 | 001,049,600 | ---- | M] (Farbar) -- C:\Users\A0033498\Desktop\FRST.exe

[2014/04/26 23:24:51 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/04/26 01:18:42 | 004,052,728 | ---- | M] () -- C:\Users\A0033498\Desktop\JLT_Paper_to_review_Joint_Iterative_Carrier_Synchronization_and_Signal_Detection_Employing_Expectation_Maximization_Dec_2013_Revised.pdf

[2014/04/25 20:51:46 | 000,011,757 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2014/04/25 00:08:57 | 000,000,180 | ---- | M] () -- C:\Windows\hpbafd.ini

[2014/04/24 20:12:00 | 000,001,000 | RHS- | M] () -- C:\Users\A0033498\ntuser.pol

[2014/04/13 00:32:56 | 003,970,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2014/04/13 00:16:14 | 000,181,272 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2014/04/12 20:29:43 | 000,000,036 | ---- | M] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache

[2014/04/12 20:24:26 | 000,332,728 | ---- | M] () -- C:\Users\A0033498\AppData\Local\census.cache

[2014/04/12 20:24:12 | 000,121,676 | ---- | M] () -- C:\Users\A0033498\AppData\Local\ars.cache

[2014/04/12 20:12:02 | 000,000,010 | ---- | M] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/04/30 18:48:09 | 000,018,829 | ---- | C] () -- C:\Users\A0033498\Desktop\SysProc.jpg

[2014/04/29 23:19:33 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2014/04/26 01:18:42 | 004,052,728 | ---- | C] () -- C:\Users\A0033498\Desktop\JLT_Paper_to_review_Joint_Iterative_Carrier_Synchronization_and_Signal_Detection_Employing_Expectation_Maximization_Dec_2013_Revised.pdf

[2014/04/12 20:24:26 | 000,332,728 | ---- | C] () -- C:\Users\A0033498\AppData\Local\census.cache

[2014/04/12 20:24:12 | 000,121,676 | ---- | C] () -- C:\Users\A0033498\AppData\Local\ars.cache

[2014/04/12 20:12:02 | 000,000,010 | ---- | C] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

[2014/04/12 20:05:19 | 000,000,036 | ---- | C] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache

[2014/02/24 14:56:47 | 000,005,472 | ---- | C] () -- C:\Users\A0033498\AppData\Local\recently-used.xbel

[2014/02/22 18:20:32 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini

[2014/02/18 00:29:18 | 000,000,086 | ---- | C] () -- C:\Users\A0033498\gsview32.ini

[2013/06/28 10:47:41 | 000,004,096 | -H-- | C] () -- C:\Users\A0033498\AppData\Local\keyfile3.drm

[2013/02/26 10:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2012/10/18 20:46:01 | 000,004,830 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\LTspiceIV.ini

[2012/09/25 18:45:35 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI

[2012/09/25 18:45:34 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI

[2012/09/25 18:45:34 | 000,000,817 | ---- | C] () -- C:\Windows\CFX.INI

[2012/09/25 18:45:34 | 000,000,144 | ---- | C] () -- C:\Windows\FifX_v2.INI

[2012/08/16 17:27:13 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Local\PUTTY.RND

[2012/07/21 00:11:58 | 000,181,272 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2012/05/29 12:28:06 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2012/05/03 09:54:01 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\winscp.rnd

[2011/06/29 10:24:57 | 000,007,602 | ---- | C] () -- C:\Users\A0033498\AppData\Local\Resmon.ResmonCfg

[2010/08/10 15:49:54 | 000,001,000 | RHS- | C] () -- C:\Users\A0033498\ntuser.pol

[2009/11/18 14:49:13 | 000,011,757 | RHS- | C] () -- C:\ProgramData\ntuser.pol

 

========== ZeroAccess Check ==========

 

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/02/18 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\BitComet

[2013/11/27 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/09/08 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/08/22 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Design Science

[2010/10/12 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Downloaded Installations

[2014/05/01 00:29:03 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Dropbox

[2013/11/29 00:23:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\EndNote

[2012/10/08 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Eyes Relax

[2011/12/05 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\FileOpen

[2012/05/29 11:45:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Foxit Software

[2014/02/27 12:54:18 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\inkscape

[2012/11/09 11:02:49 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\JAM Software

[2012/08/18 02:09:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Juniper Networks

[2013/12/20 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\l2rshell

[2013/10/31 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\LibreOffice

[2010/10/12 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Nitro PDF

[2014/01/29 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Notepad++

[2012/06/27 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PDF reDirect

[2012/05/29 12:32:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PrimoPDF

[2014/01/11 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Publish or Perish

[2012/09/25 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Softinterface, Inc

[2013/01/02 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\SSH

[2012/09/19 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\System

[2014/04/04 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\texstudio

[2014/04/19 00:55:53 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\VIPRE

[2012/08/13 20:35:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows Live Writer

[2010/08/15 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows SideBar

[2013/10/31 01:30:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\WordKutools

[2013/11/23 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\xm1

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

========== Base Services ==========

SRV - [2009/07/14 09:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)

SRV - [2009/07/14 09:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)

SRV - [2009/07/14 09:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)

SRV - [2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)

SRV - [2009/07/14 09:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)

SRV - [2011/11/17 13:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)

SRV - [2009/07/14 09:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)

SRV - [2012/07/05 05:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)

SRV - [2012/06/02 12:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)

SRV - [2009/07/14 09:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)

SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2011/03/03 13:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)

SRV - [2009/07/14 09:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)

SRV - [2009/07/14 09:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)

SRV - [2009/07/14 09:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)

SRV - [2009/07/14 09:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)

No service found with a name of MsMpSvc

No service found with a name of NisSrv

SRV - [2009/07/14 09:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)

SRV - [2009/07/14 09:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)

SRV - [2009/07/14 09:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)

SRV - [2009/07/14 09:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)

SRV - [2009/07/14 09:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)

SRV - [2009/07/14 09:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)

SRV - [2011/05/24 18:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)

SRV - [2010/08/21 13:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)

SRV - [2011/11/17 13:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)

No service found with a name of EMDMgmt

SRV - [2009/07/14 09:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)

SRV - [2009/07/14 09:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)

SRV - [2009/07/14 09:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)

SRV - [2009/07/14 09:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)

SRV - [2011/11/17 13:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)

SRV - [2009/07/14 09:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)

SRV - [2010/08/27 13:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)

SRV - [2009/07/14 09:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)

No service found with a name of slsvc

SRV - [2010/11/02 12:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)

SRV - [2009/07/14 09:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)

SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 09:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)

SRV - [2009/07/14 09:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)

SRV - [2009/07/14 09:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)

SRV - [2009/07/14 09:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)

SRV - [2009/07/14 09:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)

SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 09:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)

SRV - [2009/07/14 09:15:41 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)

SRV - [2009/07/14 09:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)

SRV - [2009/07/14 09:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)

SRV - [2009/07/14 09:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)

SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)

SRV - [2009/07/14 09:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)

SRV - [2009/07/14 09:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)

SRV - [2009/07/14 09:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

 

< MD5 for: EXPLORER.EXE >

[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\explorer.exe

[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

 

< MD5 for: SVCHOST.EXE >

[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

 

< MD5 for: USERINIT.EXE >

[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe

[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< c:\program files (x86)\Google\Desktop >

[2009/07/14 12:53:46 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2010/08/30 16:34:46 | 000,000,868 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

[2010/08/30 16:34:46 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

[2012/08/12 17:15:14 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2012/08/12 17:15:34 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012/08/12 17:15:35 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

< c:\program files\Google\Desktop >

 

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C is System

Volume Serial Number is DA81-FA04

Directory of C:\

14/07/2009 12:53 PM <JUNCTION> Documents and Settings [C:\Users]

0 File(s) 0 bytes

Directory of C:\ProgramData

14/07/2009 12:53 PM <JUNCTION> Application Data [C:\ProgramData]

14/07/2009 12:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]

14/07/2009 12:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]

14/07/2009 12:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]

14/07/2009 12:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009 12:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users

14/07/2009 12:53 PM <SYMLINKD> All Users [C:\ProgramData]

14/07/2009 12:53 PM <JUNCTION> Default User [C:\Users\Default]

0 File(s) 0 bytes

Directory of C:\Users\A0033498

10/08/2010 03:49 PM <JUNCTION> Application Data [C:\Users\A0033498\AppData\Roaming]

10/08/2010 03:49 PM <JUNCTION> Cookies [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Cookies]

10/08/2010 03:49 PM <JUNCTION> Local Settings [C:\Users\A0033498\AppData\Local]

10/08/2010 03:49 PM <JUNCTION> My Documents [C:\Users\A0033498\Documents]

10/08/2010 03:49 PM <JUNCTION> NetHood [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

10/08/2010 03:49 PM <JUNCTION> PrintHood [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

10/08/2010 03:49 PM <JUNCTION> Recent [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Recent]

10/08/2010 03:49 PM <JUNCTION> SendTo [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\SendTo]

10/08/2010 03:49 PM <JUNCTION> Start Menu [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu]

10/08/2010 03:49 PM <JUNCTION> Templates [C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\A0033498\AppData\Local

10/08/2010 03:49 PM <JUNCTION> Application Data [C:\Users\A0033498\AppData\Local]

10/08/2010 03:49 PM <JUNCTION> History [C:\Users\A0033498\AppData\Local\Microsoft\Windows\History]

10/08/2010 03:49 PM <JUNCTION> Temporary Internet Files [C:\Users\A0033498\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\A0033498\Documents

10/08/2010 03:49 PM <JUNCTION> My Music [C:\Users\A0033498\Music]

10/08/2010 03:49 PM <JUNCTION> My Pictures [C:\Users\A0033498\Pictures]

10/08/2010 03:49 PM <JUNCTION> My Videos [C:\Users\A0033498\Videos]

0 File(s) 0 bytes

Directory of C:\Users\adminNUS

18/11/2009 12:38 PM <JUNCTION> Application Data [C:\Users\adminNUS\AppData\Roaming]

18/11/2009 12:38 PM <JUNCTION> Cookies [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Cookies]

18/11/2009 12:38 PM <JUNCTION> Local Settings [C:\Users\adminNUS\AppData\Local]

18/11/2009 12:38 PM <JUNCTION> My Documents [C:\Users\adminNUS\Documents]

18/11/2009 12:38 PM <JUNCTION> NetHood [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

18/11/2009 12:38 PM <JUNCTION> PrintHood [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

18/11/2009 12:38 PM <JUNCTION> Recent [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Recent]

18/11/2009 12:38 PM <JUNCTION> SendTo [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\SendTo]

18/11/2009 12:38 PM <JUNCTION> Start Menu [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Start Menu]

18/11/2009 12:38 PM <JUNCTION> Templates [C:\Users\adminNUS\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\adminNUS\AppData\Local

18/11/2009 12:38 PM <JUNCTION> Application Data [C:\Users\adminNUS\AppData\Local]

18/11/2009 12:38 PM <JUNCTION> History [C:\Users\adminNUS\AppData\Local\Microsoft\Windows\History]

18/11/2009 12:38 PM <JUNCTION> Temporary Internet Files [C:\Users\adminNUS\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\adminNUS\Documents

18/11/2009 12:38 PM <JUNCTION> My Music [C:\Users\adminNUS\Music]

18/11/2009 12:38 PM <JUNCTION> My Pictures [C:\Users\adminNUS\Pictures]

18/11/2009 12:38 PM <JUNCTION> My Videos [C:\Users\adminNUS\Videos]

0 File(s) 0 bytes

Directory of C:\Users\All Users

14/07/2009 12:53 PM <JUNCTION> Application Data [C:\ProgramData]

14/07/2009 12:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]

14/07/2009 12:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]

14/07/2009 12:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]

14/07/2009 12:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009 12:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default

20/01/2010 09:46 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]

20/01/2010 09:46 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

20/01/2010 09:46 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]

20/01/2010 09:46 AM <JUNCTION> My Documents [C:\Users\Default\Documents]

20/01/2010 09:46 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

20/01/2010 09:46 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

20/01/2010 09:46 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

20/01/2010 09:46 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

20/01/2010 09:46 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

20/01/2010 09:46 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

20/01/2010 09:46 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]

20/01/2010 09:46 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

20/01/2010 09:46 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

20/01/2010 09:46 AM <JUNCTION> My Music [C:\Users\Default\Music]

20/01/2010 09:46 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]

20/01/2010 09:46 AM <JUNCTION> My Videos [C:\Users\Default\Videos]

0 File(s) 0 bytes

Directory of C:\Users\MPAgentUser

18/11/2009 03:41 PM <JUNCTION> Application Data [C:\Users\MPAgentUser\AppData\Roaming]

18/11/2009 03:41 PM <JUNCTION> Cookies [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Cookies]

18/11/2009 03:41 PM <JUNCTION> Local Settings [C:\Users\MPAgentUser\AppData\Local]

18/11/2009 03:41 PM <JUNCTION> My Documents [C:\Users\MPAgentUser\Documents]

18/11/2009 03:41 PM <JUNCTION> NetHood [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

18/11/2009 03:41 PM <JUNCTION> PrintHood [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

18/11/2009 03:41 PM <JUNCTION> Recent [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Recent]

18/11/2009 03:41 PM <JUNCTION> SendTo [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\SendTo]

18/11/2009 03:41 PM <JUNCTION> Start Menu [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Start Menu]

18/11/2009 03:41 PM <JUNCTION> Templates [C:\Users\MPAgentUser\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\MPAgentUser\AppData\Local

18/11/2009 03:41 PM <JUNCTION> Application Data [C:\Users\MPAgentUser\AppData\Local]

18/11/2009 03:41 PM <JUNCTION> History [C:\Users\MPAgentUser\AppData\Local\Microsoft\Windows\History]

18/11/2009 03:41 PM <JUNCTION> Temporary Internet Files [C:\Users\MPAgentUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\MPAgentUser\Documents

18/11/2009 03:41 PM <JUNCTION> My Music [C:\Users\MPAgentUser\Music]

18/11/2009 03:41 PM <JUNCTION> My Pictures [C:\Users\MPAgentUser\Pictures]

18/11/2009 03:41 PM <JUNCTION> My Videos [C:\Users\MPAgentUser\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

14/07/2009 12:53 PM <JUNCTION> My Music [C:\Users\Public\Music]

14/07/2009 12:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]

14/07/2009 12:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]

0 File(s) 0 bytes

Total Files Listed:

0 File(s) 0 bytes

82 Dir(s) 122,442,596,352 bytes free

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5B811727

@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >



#12
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. Looks like the removal tool got most of it.

Step-1.

Program Uninstall

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Java™ 6 Update 17

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Please close all open windows and browsers.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - [2012/02/14 06:08:00 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: File not found
[2013/02/09 00:32:06 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\firefox\profiles\vwrpn3h1.default\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell\AutoRun\command - "" = G:\INSTALL\READER\ACRORD32.EXE PDF/MAIN.PDF
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2014/04/19 00:56:06 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2014/04/19 00:56:06 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\VIPRE
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\VIPRE
[2013/02/18 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\BitComet

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.

  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.

  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-5.

Re-Run Farbar Recovery Scan

Close all open windows and browsers

  • Right click the FRST.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[R0].txt log
3. The FSS.txt log
4. The new FRST.txt log


  • 0
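An added note for readers of the fix above (this script is not part of godawgs's instructions, nor of OTL itself): the O33 MountPoints2 lines are per-volume AutoRun handlers that Explorer records under the user's registry hive, and the :FILES section runs netsh to reset the Windows Firewall and turn it on for all profiles. The PowerShell below, written as an added example, enumerates whatever MountPoints2 AutoRun commands remain for the current user and reads back the firewall state for each profile, so the two effects of the fix can be checked afterwards. Assumptions: an elevated PowerShell on Windows 7 or later, an English-locale netsh (the parser keys on the literal "Profile Settings:" and "State" text), and the standard HKCU MountPoints2 path; the function names Get-MountPointAutoRun and Get-FirewallProfileState are mine.

```powershell
# Added example (not from the forum post or from OTL): verify two effects of the
# fix above on a Windows 7+ machine, run from an elevated PowerShell.
# Assumptions: English-locale netsh output; standard MountPoints2 location.

$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    # Each subkey of MountPoints2 is a volume GUID (or drive letter). If Explorer
    # recorded an AutoRun handler for it, the command sits in the default value of
    # <subkey>\Shell\AutoRun\command, which is what the O33 lines above show.
    if (-not (Test-Path -Path $mountPoints)) { return @() }
    Get-ChildItem -Path $mountPoints -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path -Path $_.PSPath -ChildPath 'Shell\AutoRun\command'
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                Volume            = $_.PSChildName
                AutoRunCommand    = $cmd
                # Handlers that launch from somewhere other than Program Files or
                # Windows (for example the F:\ and G:\ commands listed above) are
                # the ones worth a second look; this is a heuristic, not a verdict.
                OutsideSystemDirs = ($cmd -notmatch '^\s*"?[A-Za-z]:\\(Program Files|Windows)\\')
            }
        }
    }
}

function Get-FirewallProfileState {
    # netsh prints a "<Name> Profile Settings:" header for each profile followed by
    # a "State   ON|OFF" line; pair them up into objects.
    $lines = & netsh advfirewall show allprofiles state
    $profile = $null
    foreach ($line in $lines) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profile = $Matches[1]
        }
        elseif ($profile -and $line -match '^State\s+(\w+)') {
            [pscustomobject]@{ Profile = $profile; State = $Matches[1] }
            $profile = $null
        }
    }
}

Write-Host '== MountPoints2 AutoRun handlers (current user) =='
$autoRun = @(Get-MountPointAutoRun)
if ($autoRun.Count -gt 0) { $autoRun | Format-Table -AutoSize } else { Write-Host 'None found.' }

Write-Host '== Windows Firewall profile state (expected: ON for all profiles) =='
Get-FirewallProfileState | Format-Table -AutoSize
```

After a successful OTL run the first table should no longer list the three volume GUIDs from the O33 lines, and every firewall profile should report ON. MountPoints2 is per user, so run the script as the account whose hive OTL fixed (the post above names A0033498); other accounts keep their own entries.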

#13
adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

While OTL was running the fix at Step 2, item 5 ("Let the program run unhindered"), OTL gave me the following pop-up error window:

     OTL

     Cannot create file C:\users\A0033498\Desktop\cmd.bat.

At the time of the above error, the custom scans/fixes textbox showed the following entries (other entries were automatically removed by OTL during the run):

     netsh advfirewall reset /c
     netsh advfirewall set allprofiles state ON /c

     :COMMANDS
     [emptytemp]

At the time of the above error, the status bar at the bottom of the OTL window showed the following:

     Processing [2013/02/18 19:23:54 | 000,000,000 | ---D | M] --c:\users\A0033498\AppData\Roaming\BitComet ...

I assume the OTL fix stopped midway once the error popped up, forcing me to simply restart the computer. Should I continue with the remainder of the steps and post the required logs?


  • 0

#14
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Yes, please. Continue with the other steps. Post those logs and also look in C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run) for a log file like the one shown above, and if you find one, post it also, as it will be the fixes log from the OTL run.


  • 0

#15
adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

All steps were performed successfully except the OTL run, which stopped midway, and I could not find the OTL log file.

AdwCleaner Log

# AdwCleaner v3.205 - Report created 02/05/2014 at 16:25:36

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Enterprise (32 bits)

# Username : a0033498 - U715025-PC

# Running from : C:\Users\A0033498\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\RegisteredApplicationsEx

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

-\\ Mozilla Firefox v4.0.1 (en-GB)

-\\ Google Chrome v

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014

Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

Found [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

*************************

AdwCleaner[R0].txt - [9549 octets] - [18/04/2014 22:10:18]

AdwCleaner[S0].txt - [8412 octets] - [18/04/2014 22:15:36]

AdwCleaner[R1].txt - [987 octets] - [18/04/2014 22:34:06]

AdwCleaner[S1].txt - [1047 octets] - [18/04/2014 22:34:33]

AdwCleaner[R2].txt - [1107 octets] - [19/04/2014 02:27:38]

AdwCleaner[R3].txt - [8061 octets] - [02/05/2014 16:25:37]

########## EOF - H:\AdwCleaner\AdwCleaner[R3].txt - [8121 octets] ##########

FSS Log

Farbar Service Scanner Version: 25-02-2014

Ran by a0033498 (administrator) on 02-05-2014 at 16:31:03

Running from "C:\Users\A0033498\Desktop"

Microsoft Windows 7 Enterprise (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is set to Disabled. The default start type is Auto.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-14 01:18] - [2013-01-04 12:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-10 15:23] - [2012-06-02 12:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014

Ran by a0033498 (administrator) on U715025-PC on 02-05-2014 16:34:02

Running from C:\Users\A0033498\Desktop

Microsoft Windows 7 Enterprise (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Dropbox, Inc.) C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\rdpclip.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1105744 2011-08-29] (Trend Micro Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-12] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Google Update] => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-30] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 137.132.0.252 137.132.0.254

FireFox:

========

FF ProfilePath: C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default

FF Homepage: www.google.com

FF SelectedSearchEngine: Google

FF NewTab: about:blank

FF DefaultSearchEngine: Google

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @softforum.com/npKeyPro - C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Zotero - C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default\Extensions\[email protected] [2011-05-15]

FF Extension: Zotero WinWord Integration - C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default\Extensions\[email protected] [2011-05-15]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext

FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009-11-18]

FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-06]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-06]

Chrome:

=======

CHR DefaultSearchKeyword: google.com.sg

CHR Extension: (Google Docs) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]

CHR Extension: (Google Drive) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]

CHR Extension: (YouTube) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]

CHR Extension: (Google Search) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]

CHR Extension: (Google Wallet) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]

CHR Extension: (Gmail) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

CHR StartMenuInternet: Google Chrome - C:\Users\A0033498\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1548088 2013-05-06] (Symantec Corporation)

S4 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408888 2013-05-06] (Symantec Corporation)

S4 mpagent; C:\Program Files\United Devices\mpagent\MPAGENT.EXE [1198080 2007-01-31] (United Devices, Inc.)

S4 nPStarterSVC; C:\Windows\system32\nPStarterSVC.exe [250145 2010-07-19] (INCA Internet Co., Ltd.)

R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1900904 2011-08-26] (Trend Micro Inc.)

R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-16] (Trend Micro Inc.)

R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1828032 2011-08-26] (Trend Micro Inc.)

S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689680 2011-04-15] (Trend Micro Inc.)

S4 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)

S4 urtclientservice; C:\Windows\System32\urtclsvc.exe [118784 2002-10-04] ()

==================== Drivers (Whitelisted) ====================

S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [21432 2010-07-19] (SoftForum Corporation)

R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [12728 2010-07-19] (SoftForum Corporation)

S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2010-07-19] (Kings Information & Network)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-26] (Malwarebytes Corporation)

S3 NPIDS; C:\Windows\system32\NpIdsVt.sys [47712 2010-05-13] (INCA Internet Co., Ltd.)

S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [68368 2011-07-20] (Trend Micro Inc.)

R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)

R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [59152 2011-07-20] (Trend Micro Inc.)

R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-12-07] (Trend Micro Inc.)

R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

S2 adfs; No ImagePath

S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 NVHDA; system32\drivers\nvhda32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 16:34 - 2014-05-02 16:34 - 00015669 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-05-02 16:33 - 2014-05-02 16:33 - 00000000 ____D () C:\Users\A0033498\Desktop\FRST-OlderVersion

2014-05-02 16:31 - 2014-05-02 16:31 - 00002748 _____ () C:\Users\A0033498\Desktop\FSS.txt

2014-05-02 16:29 - 2014-05-02 16:29 - 00409600 _____ (Farbar) C:\Users\A0033498\Desktop\FSS.exe

2014-05-02 16:28 - 2014-05-02 16:28 - 00008201 _____ () C:\Users\A0033498\Desktop\AdwCleaner[R3].txt

2014-05-02 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-02 16:23 - 2014-05-02 16:23 - 01310621 _____ () C:\Users\A0033498\Desktop\AdwCleaner.exe

2014-05-01 17:35 - 2014-05-01 17:35 - 00000000 ____D () C:\_OTL

2014-05-01 00:30 - 2014-05-01 00:30 - 00602112 _____ (OldTimer Tools) C:\Users\A0033498\Desktop\OTL.exe

2014-04-30 19:20 - 2014-04-30 19:20 - 00001398 _____ () C:\Windows\PFRO.log

2014-04-30 18:41 - 2014-05-01 18:51 - 00000224 _____ () C:\Windows\setupact.log

2014-04-30 18:41 - 2014-04-30 18:41 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-29 23:19 - 2014-04-29 23:19 - 00000193 _____ () C:\Windows\WORDPAD.INI

2014-04-29 21:18 - 2014-05-02 16:34 - 00000000 ____D () C:\FRST

2014-04-29 21:09 - 2014-05-02 16:33 - 01050624 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 22:44 - 2014-04-23 14:25 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-18 22:25 - 2014-04-26 17:29 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-12 23:48 - 2014-04-26 23:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 20:05 - 2014-04-12 20:29 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:50 - 2014-05-02 13:00 - 00615346 _____ () C:\Windows\WindowsUpdate.log

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

==================== One Month Modified Files and Folders =======

2014-05-02 16:34 - 2014-05-02 16:34 - 00015669 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-05-02 16:34 - 2014-04-29 21:18 - 00000000 ____D () C:\FRST

2014-05-02 16:33 - 2014-05-02 16:33 - 00000000 ____D () C:\Users\A0033498\Desktop\FRST-OlderVersion

2014-05-02 16:33 - 2014-04-29 21:09 - 01050624 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-05-02 16:31 - 2014-05-02 16:31 - 00002748 _____ () C:\Users\A0033498\Desktop\FSS.txt

2014-05-02 16:29 - 2014-05-02 16:29 - 00409600 _____ (Farbar) C:\Users\A0033498\Desktop\FSS.exe

2014-05-02 16:28 - 2014-05-02 16:28 - 00008201 _____ () C:\Users\A0033498\Desktop\AdwCleaner[R3].txt

2014-05-02 16:23 - 2014-05-02 16:23 - 01310621 _____ () C:\Users\A0033498\Desktop\AdwCleaner.exe

2014-05-02 16:09 - 2010-08-30 16:34 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

2014-05-02 16:04 - 2012-08-12 17:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-02 16:04 - 2010-08-15 17:21 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Skype

2014-05-02 15:59 - 2012-08-12 17:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-02 15:42 - 2009-11-18 15:05 - 10135422 _____ () C:\Windows\system32\TmInstall.log

2014-05-02 15:42 - 2009-11-18 15:05 - 00008966 _____ () C:\Windows\cfgall.ini

2014-05-02 14:58 - 2009-11-18 14:47 - 00004712 _____ () C:\Windows\system32\config\netlogon.ftl

2014-05-02 13:00 - 2014-04-12 14:50 - 00615346 _____ () C:\Windows\WindowsUpdate.log

2014-05-02 03:59 - 2012-08-12 17:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-01 23:09 - 2010-08-30 16:34 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

2014-05-01 20:59 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-01 20:59 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-01 18:55 - 2009-11-18 17:41 - 00458038 _____ () C:\Windows\system32\perfh011.dat

2014-05-01 18:55 - 2009-11-18 17:41 - 00137914 _____ () C:\Windows\system32\perfc011.dat

2014-05-01 18:55 - 2009-11-18 13:29 - 00440440 _____ () C:\Windows\system32\prfh0804.dat

2014-05-01 18:55 - 2009-11-18 13:29 - 00143148 _____ () C:\Windows\system32\prfc0804.dat

2014-05-01 18:55 - 2009-11-18 12:42 - 03823894 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-01 18:52 - 2010-08-12 13:31 - 00000000 ___RD () C:\Users\A0033498\Desktop\My Dropbox

2014-05-01 18:52 - 2010-08-12 13:29 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Dropbox

2014-05-01 18:51 - 2014-04-30 18:41 - 00000224 _____ () C:\Windows\setupact.log

2014-05-01 18:51 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-01 17:35 - 2014-05-01 17:35 - 00000000 ____D () C:\_OTL

2014-05-01 00:30 - 2014-05-01 00:30 - 00602112 _____ (OldTimer Tools) C:\Users\A0033498\Desktop\OTL.exe

2014-04-30 20:23 - 2013-11-22 15:38 - 00000000 ____D () C:\Users\A0033498\Desktop\Resume

2014-04-30 19:53 - 2012-02-26 16:20 - 05243071 _____ () C:\Users\A0033498\AppData\Local\OfflineVaultPH.log

2014-04-30 19:20 - 2014-04-30 19:20 - 00001398 _____ () C:\Windows\PFRO.log

2014-04-30 18:41 - 2014-04-30 18:41 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-29 23:19 - 2014-04-29 23:19 - 00000193 _____ () C:\Windows\WORDPAD.INI

2014-04-26 23:49 - 2010-09-08 00:06 - 00000000 ____D () C:\Users\A0033498\Desktop\NUS Graduate Affairs

2014-04-26 23:24 - 2014-04-12 23:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-26 17:29 - 2014-04-18 22:25 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-25 21:59 - 2014-03-11 00:53 - 00000000 ____D () C:\Users\A0033498\Desktop\Visio diagrams

2014-04-25 20:51 - 2009-11-18 14:49 - 00011757 __RSH () C:\ProgramData\ntuser.pol

2014-04-25 00:08 - 2010-08-17 10:55 - 00000180 _____ () C:\Windows\hpbafd.ini

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:41 - 2010-08-15 17:20 - 00000000 ____D () C:\ProgramData\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:40 - 2010-08-15 17:20 - 00000000 ___RD () C:\Program Files\Skype

2014-04-24 20:12 - 2010-08-10 15:49 - 00001000 __RSH () C:\Users\A0033498\ntuser.pol

2014-04-24 20:12 - 2010-08-10 15:49 - 00000000 ____D () C:\Users\A0033498

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 19:31 - 2009-11-18 16:10 - 00000000 ____D () C:\Program Files\Adobe

2014-04-23 14:25 - 2014-04-20 22:44 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-04-20 13:58 - 2011-04-16 13:04 - 00000000 ____D () C:\Users\A0033498\Desktop\OriginLab85 User Files

2014-04-19 16:53 - 2010-10-01 18:06 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Windows Live

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-15 18:21 - 2010-09-20 12:51 - 00000000 ____D () C:\Users\A0033498\Documents\EndNote X4

2014-04-13 00:32 - 2009-11-18 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-04-13 00:32 - 2009-07-14 12:33 - 03970104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-13 00:16 - 2012-07-21 00:11 - 00181272 _____ () C:\Windows\RegBootClean.exe

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:29 - 2014-04-12 20:05 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 17:52 - 2011-01-28 05:43 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Microsoft Help

2014-04-12 15:16 - 2010-10-11 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:54 - 2010-08-10 15:49 - 00139752 _____ () C:\Users\A0033498\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 01:48 - 2013-02-18 20:01 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1

2014-04-04 13:04 - 2014-02-27 14:19 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\texstudio

2014-04-04 09:54 - 2010-10-08 14:11 - 00000000 ____D () C:\Users\A0033498\Desktop\Textbooks

Some content of TEMP:

====================

C:\Users\A0033498\AppData\Local\Temp\fwfo.dll

C:\Users\A0033498\AppData\Local\Temp\WRFirewallInstall.dll

 

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe

[2009-11-18 13:20] - [2009-08-03 13:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-04-29 00:43

==================== End Of Log ============================


Edited by adai2020, 02 May 2014 - 02:50 AM.
