Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Many entires in Drivers Tab after Rogue Killer Scan


  • This topic is locked This topic is locked
23 replies to this topic

#1 TCKW

TCKW

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 12 April 2014 - 09:20 AM

Routinely and regularly I carried out some security scans on my laptop. The usual set of scans are my Eset, Malwarebytes, OTL, TFC, Rogue Killer 64 bit (donate) version. At times, I also scanned with Mbam Anti rookit and TDSS Killers - both of these scan results turned out negative infection.

Recently, on a routine scan using Rogue Killer (which auto update) scanning a few times, there were many entires on the Driver's Tab after each scan. Naturally I clicked on delete to remove. They were removed because when I repeat a scan, the entries were gone. 

But after another internet surfing session, and completing another Rogue Killer scan, the Driver tab entries returned.

 

Attached are the reports of the just completed DDS scans:

 

Thank you.Attached File  attach.txt   17.94KB   1 downloads

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Terence CKW at 22:07:08 on 2014-04-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.3894.1211 [GMT 8:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)mediaandentertainment\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\HPWA.exe
C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)MediaandEntertainment\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\AutoStarter\AutoStarter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES (X86)\SAMSUNG\KIES\KIES.EXE
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.news.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)mediaandentertainment\real\realplayer\Update\realsched.exe" -osboot
mRun: [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\TERENC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\TERENC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PANDAU~1.LNK - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPWIRE~1.LNK - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\HPWA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553750000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F3351D7F-43D6-4B1D-906B-A7E56F3F2F16} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: <No Name>: {AF949550-9094-4807-95EC-D1C317803333} - LocalServer32 - <no file>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.news.google.com/|http://www.reuters.com/|http://sg.finance.yahoo.com/|http://www.poems.com.sg/|http://www.sgx.com/wps/portal/sgxweb/home/marketinfo/securities/stocks|http://www.sammyboy.com/
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)MediaandEntertainment\Plugins\npqtplugin7.dll
FF - plugin: c:\program files (x86)mediaandentertainment\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files (x86)mediaandentertainment\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\System32\drivers\bftpdskc64.sys [2013-7-12 67712]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2014-1-29 16648]
R1 FNETVDDA;FNETVDDA;C:\Windows\System32\drivers\FNETVDDA.SYS [2014-1-29 37128]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-5-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-22 203264]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-4-12 67584]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-27 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-1 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-2-12 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)MediaandEntertainment\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-3-24 1141336]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-2-12 23552]
R2 SynoDrService;SynoDrService;C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [2012-6-28 381312]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-27 2533400]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-5-27 39464]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-5-27 158976]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-1 25928]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-26 40448]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\System32\drivers\bftpusbx64.sys [2010-1-18 20608]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-3-10 28768]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-6-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-6-18 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-14 103576]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-25 83240]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-10 111616]
S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2013-6-18 1587968]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-1-8 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-6-1 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-26 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-6-1 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-27 346144]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-9-4 40696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-14 204568]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-26 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe --> C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [?]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-12 09:45:52 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBB86FFB-39EE-4F59-8CA1-D6B40FD62F09}\mpengine.dll
2014-04-12 09:24:51 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-04-10 12:08:32 -------- d-----w- C:\Users\Terence CKW\AppData\Roaming\MotoCast
2014-04-10 03:14:23 -------- d-sh--w- C:\Users\Terence CKW\AppData\Local\EmieUserList
2014-04-10 03:14:23 -------- d-sh--w- C:\Users\Terence CKW\AppData\Local\EmieSiteList
2014-04-10 02:57:07 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-10 02:57:07 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-10 02:57:03 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-10 02:57:02 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-10 02:57:01 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-10 02:57:01 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-10 02:57:01 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-04-10 02:57:00 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-10 02:57:00 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-04-10 02:57:00 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-04-09 17:43:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 17:43:47 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-09 17:43:47 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-09 17:43:47 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-09 17:43:47 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 17:43:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 17:43:47 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-09 17:43:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 17:43:47 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-03 16:59:25 -------- d-sh--w- C:\found.001
2014-04-02 13:49:39 -------- d-----w- C:\f23fb423b5ff1f541fa7a0
2014-03-25 07:54:08 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-24 06:15:30 -------- d-----w- C:\Users\Terence CKW\AppData\Roaming\RealNetworks
2014-03-24 06:14:56 -------- d-----w- C:\ProgramData\RealNetworks
2014-03-24 06:14:56 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-03-23 07:50:57 -------- d-----r- C:\Users\Terence CKW\Dropbox
2014-03-23 07:49:45 -------- d-----w- C:\Users\Terence CKW\AppData\Roaming\DropboxMaster
2014-03-23 07:49:05 -------- d-----w- C:\Users\Terence CKW\AppData\Roaming\Dropbox
2014-03-22 16:15:28 -------- d--h--w- C:\Users\Terence CKW\.Box Sync
2014-03-22 16:15:16 -------- d-----w- C:\Users\Terence CKW\Box Sync
2014-03-22 16:11:13 -------- d-----w- C:\Program Files\Box
2014-03-22 16:10:34 -------- d-----w- C:\ProgramData\Package Cache
.
==================== Find3M  ====================
.
2014-04-08 04:05:36 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-24 06:13:56 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-03-24 06:13:56 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-03-18 04:09:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-18 04:09:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 07:04:14 37128 ----a-w- C:\Windows\System32\drivers\FNETVDDA.SYS
2014-01-29 07:04:14 16648 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH: 22:08:30.85 ===============
 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 PM

Posted 17 April 2014 - 01:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530810 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 18 April 2014 - 11:02 PM

I still need help. Though you are busy or overwhelmed, please tell me what is going on. I m still waiting to be assisted.

Thank you..



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:02 PM

Posted 19 April 2014 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Run the RogueKiller tool and post a log for my review.

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

#5 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2014 - 03:37 AM

Hello. Thank you for coming to help.

 

First let me write something before I post all the 4 logs. After the AdwCleaner scan, all of the items I did not check off as I don't know if they are what I wanted or whether they are valid or not. So everything were not kept.

 

Here below is the AdwCleaner log:

 

# AdwCleaner v3.100 - Report created 20/04/2014 at 15:58:08
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Terence CKW - HPENVYBEATS1104
# Running from : C:\Users\Terence CKW\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Package Cache

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\prefs.js ]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2068 octets] - [24/11/2013 16:46:26]
AdwCleaner[R1].txt - [900 octets] - [30/01/2014 23:02:14]
AdwCleaner[R2].txt - [1048 octets] - [30/01/2014 23:10:18]
AdwCleaner[R3].txt - [3222 octets] - [24/02/2014 13:33:01]
AdwCleaner[R4].txt - [2818 octets] - [24/02/2014 13:47:17]
AdwCleaner[R5].txt - [1541 octets] - [28/03/2014 14:50:36]
AdwCleaner[R6].txt - [2366 octets] - [20/04/2014 15:54:00]
AdwCleaner[S0].txt - [2121 octets] - [24/11/2013 16:48:53]
AdwCleaner[S1].txt - [960 octets] - [30/01/2014 23:03:49]
AdwCleaner[S2].txt - [1110 octets] - [30/01/2014 23:10:56]
AdwCleaner[S3].txt - [3226 octets] - [24/02/2014 13:34:16]
AdwCleaner[S4].txt - [2885 octets] - [24/02/2014 13:48:05]
AdwCleaner[S5].txt - [2297 octets] - [20/04/2014 15:58:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2357 octets] ##########

 

Now below is the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Terence CKW (administrator) on HPENVYBEATS1104 on 20-04-2014 16:07:02
Running from C:\Users\Terence CKW\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
() C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) c:\program files (x86)mediaandentertainment\real\realplayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\HPWA.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(RealNetworks, Inc.) C:\Program Files (x86)MediaandEntertainment\Real\RealPlayer\Update\realsched.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(FNet Co., Ltd.) C:\ProgramData\AutoStarter\AutoStarter.exe
(Dropbox, Inc.) C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Samsung) C:\PROGRAM FILES (X86)\SAMSUNG\KIES\KIES.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-03] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [Creative SB Monitoring Utility] => C:\Windows\system32\sbavmon.dll [116224 2010-08-03] (Creative Technology Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-25] (Intel Corporation)
HKLM-x32\...\Run: [HP Envy Guides AutoPlay] => C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe [76584 2010-03-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Backup Utility TaskTray Tool] => C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe [1824120 2010-04-28] (BUFFALO INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)mediaandentertainment\real\realplayer\Update\realsched.exe [296520 2014-03-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AutoStarter] => C:\ProgramData\AutoStarter\AutoStarter.exe [1420552 2014-04-12] (FNet Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-26] (Microsoft Corporation)
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios)
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: H - H:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: {971b756a-c63d-11e2-9e17-70f39593bade} - F:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: {c5714e2c-c0a5-11e3-9672-70f39593bade} - G:\MotoCastSetup.exe -a
Startup: C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.reuters.com/
http://asia.wsj.com/home-page/
http://sg.finance.yahoo.com/
http://www.poems.com.sg/
https://support.google.com/plus/topic/3052527?hl=en&ref_topic=3049663
http://www.cbn.com/
http://www.photoextract.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL =
SearchScopes: HKCU - {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name - {AF949550-9094-4807-95EC-D1C317803333} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553750000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default
FF Homepage: hxxp://www.news.google.com/|hxxp://www.reuters.com/|hxxp://sg.finance.yahoo.com/|hxxp://www.poems.com.sg/|hxxp://www.sgx.com/wps/portal/sgxweb/home/marketinfo/securities/stocks|hxxp://www.sammyboy.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - c:\program files (x86)mediaandentertainment\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - c:\program files (x86)mediaandentertainment\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-21]

Chrome:
=======
CHR StartupUrls: "hxxp://www.reuters.com/", "hxxp://asia.wsj.com/home-page/", "hxxp://news.google.com/", "hxxp://sg.finance.yahoo.com/", "hxxp://www.poems.com.sg/", "hxxp://www.photoextract.com/", "hxxp://www.sgx.com/wps/portal/sgxweb/home/!ut/p/a1/04_Sj9CPykssy0xPLMnMz0vMAfGjzOKNHB1NPAycDSz9wwzMDTxD_Z2Cg8PCDANdjYEKIoEKDHAARwNC-sP1o8BK8JhQkBthkO6oqAgAzDYPQQ!!/dl5/d5/L2dBISEvZ0FBIS9nQSEh/", "https://www.copy.com/home/", "hxxp://www.tremeritus.com/", "hxxp://www.cbn.com/", "https://www.dropbox.com/login", "https://app.box.com/"
CHR DefaultSearchKeyword: google.com.sg
CHR Extension: (Beautiful landscape) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-03-22]
CHR Extension: (Google Docs) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (RealPlayer Downloader) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-04-28] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-03-10] (Box Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-25] (Hewlett-Packard Developement Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; c:\program files (x86)mediaandentertainment\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-24] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] ()
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2012-06-28] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-18] ()
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R0 bftpdskc64; C:\Windows\System32\drivers\bftpdskc64.sys [67712 2010-01-12] (BUFFALO INC.)
S3 bftpusbx64; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-01-18] (BUFFALO INC.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-01-29] (FNet Co., Ltd.)
R1 FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [37128 2014-01-29] (FNet Co., Ltd.)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2010-08-11] (Creative Technology Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-04] (Windows ® Win 7 DDK provider)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-20 16:07 - 2014-04-20 16:07 - 00027602 _____ () C:\Users\Terence CKW\Desktop\FRST.txt
2014-04-20 16:06 - 2014-04-20 16:07 - 00000000 ____D () C:\FRST
2014-04-20 16:02 - 2014-04-20 16:02 - 00002445 _____ () C:\Users\Terence CKW\Desktop\AdwCleaner[S5].txt
2014-04-20 16:00 - 2014-04-20 16:00 - 00003650 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00003010 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00003006 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00002714 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW.job
2014-04-20 16:00 - 2014-04-20 16:00 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Terence CKW.job
2014-04-20 16:00 - 2014-04-20 16:00 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Terence CKW.job
2014-04-20 15:47 - 2014-04-20 15:47 - 03972608 _____ () C:\Users\Terence CKW\Desktop\RogueKiller.exe
2014-04-20 15:45 - 2014-04-20 15:45 - 02055680 _____ (Farbar) C:\Users\Terence CKW\Desktop\FRST64.exe
2014-04-20 15:45 - 2014-04-20 15:45 - 01308369 _____ () C:\Users\Terence CKW\Desktop\adwcleaner.exe
2014-04-19 22:20 - 2014-04-19 22:20 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-04-12 22:08 - 2014-04-12 22:09 - 00033737 _____ () C:\Users\Terence CKW\Desktop\dds.txt
2014-04-12 22:08 - 2014-04-12 22:09 - 00018371 _____ () C:\Users\Terence CKW\Desktop\attach.txt
2014-04-12 22:03 - 2014-04-12 22:03 - 00688992 ____R (Swearware) C:\Users\Terence CKW\Desktop\dds.com
2014-04-12 17:24 - 2014-04-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-12 13:12 - 2014-04-12 13:12 - 00035840 ___SH () C:\Users\Terence CKW\Thumbs.db
2014-04-10 20:08 - 2014-04-10 20:08 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\MotoCast
2014-04-10 14:07 - 2014-04-10 14:11 - 00000000 ____D () C:\Users\Terence CKW\Downloads\Android Stuff
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 __SHD () C:\Users\Terence CKW\AppData\Local\EmieUserList
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 __SHD () C:\Users\Terence CKW\AppData\Local\EmieSiteList
2014-04-10 10:57 - 2014-03-06 16:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:57 - 2014-03-06 16:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:57 - 2014-03-06 16:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 10:57 - 2014-03-06 15:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 10:56 - 2014-03-06 18:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 10:56 - 2014-03-06 17:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 10:56 - 2014-03-06 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:56 - 2014-03-06 17:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 10:56 - 2014-03-06 16:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:56 - 2014-03-06 16:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:56 - 2014-03-06 16:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:56 - 2014-03-06 16:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:56 - 2014-03-06 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:56 - 2014-03-06 16:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 10:56 - 2014-03-06 16:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:56 - 2014-03-06 16:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:56 - 2014-03-06 16:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:56 - 2014-03-06 16:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:56 - 2014-03-06 16:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:56 - 2014-03-06 16:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:56 - 2014-03-06 16:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:56 - 2014-03-06 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 10:56 - 2014-03-06 16:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 10:56 - 2014-03-06 15:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:56 - 2014-03-06 15:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:56 - 2014-03-06 15:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 10:56 - 2014-03-06 15:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 10:56 - 2014-03-06 15:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 10:56 - 2014-03-06 15:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 10:56 - 2014-03-06 15:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:56 - 2014-03-06 15:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 10:56 - 2014-03-06 15:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 10:56 - 2014-03-06 15:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 10:56 - 2014-03-06 15:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:56 - 2014-03-06 15:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 10:56 - 2014-03-06 15:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:56 - 2014-03-06 15:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 10:56 - 2014-03-06 15:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 10:56 - 2014-03-06 14:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:56 - 2014-03-06 14:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 10:56 - 2014-03-06 14:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 10:56 - 2014-03-06 14:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 10:56 - 2014-03-06 14:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:56 - 2014-03-06 13:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:56 - 2014-03-06 13:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:56 - 2014-03-06 13:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 10:56 - 2014-03-06 13:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 10:56 - 2014-03-06 13:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 01:43 - 2014-03-04 17:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 01:43 - 2014-03-04 17:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 01:43 - 2014-03-04 17:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 01:43 - 2014-03-04 17:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 01:43 - 2014-03-04 17:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 01:43 - 2014-03-04 17:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 01:43 - 2014-03-04 17:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 01:43 - 2014-03-04 17:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 01:43 - 2014-03-04 17:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 01:43 - 2014-03-04 16:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 01:43 - 2014-03-04 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-04 00:59 - 2014-04-04 00:59 - 00000000 __SHD () C:\found.001
2014-04-02 21:49 - 2014-04-02 21:49 - 00000000 ____D () C:\f23fb423b5ff1f541fa7a0
2014-03-27 10:35 - 2014-04-20 16:01 - 00003266 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-03-25 23:50 - 2014-04-15 09:34 - 00001042 _____ () C:\Users\Terence CKW\Desktop\Dropbox.lnk
2014-03-25 15:54 - 2014-03-25 15:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-25 15:54 - 2014-03-25 15:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-25 15:54 - 2014-03-25 15:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-25 15:54 - 2014-03-25 15:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-25 15:53 - 2014-03-25 15:53 - 00000000 ____D () C:\Program Files\Java
2014-03-25 15:50 - 2014-03-25 15:50 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Oracle
2014-03-24 14:15 - 2014-03-24 14:15 - 00000995 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-03-24 14:15 - 2014-03-24 14:15 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\RealNetworks
2014-03-24 14:14 - 2014-03-24 14:14 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-24 14:14 - 2014-03-24 14:14 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-23 16:07 - 2014-03-23 16:13 - 156471358 ____N () C:\Users\Terence CKW\Downloads\Terence-Yihnahs Gardens Photos.zip
2014-03-23 15:50 - 2014-04-20 16:01 - 00000000 ___RD () C:\Users\Terence CKW\Dropbox
2014-03-23 15:49 - 2014-04-20 16:02 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Dropbox
2014-03-23 15:49 - 2014-04-15 09:34 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-23 15:49 - 2014-03-25 23:50 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\DropboxMaster
2014-03-23 10:54 - 2014-03-23 10:54 - 00003234 _____ () C:\Windows\System32\Tasks\{2129B798-8DB1-49AD-9ADD-4FB54949009F}
2014-03-23 00:15 - 2014-03-23 13:28 - 00000000 ____D () C:\Users\Terence CKW\Box Sync
2014-03-23 00:15 - 2014-03-23 00:15 - 00000000 ___HD () C:\Users\Terence CKW\.Box Sync
2014-03-23 00:11 - 2014-03-23 00:11 - 00000000 ____D () C:\Program Files\Box
2014-03-22 14:11 - 2014-03-22 14:11 - 00000000 ____D () C:\Users\Terence CKW\Desktop\Tor Browser

==================== One Month Modified Files and Folders =======

2014-04-20 16:08 - 2013-12-24 19:33 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForTerence CKW.job
2014-04-20 16:07 - 2014-04-20 16:07 - 00027602 _____ () C:\Users\Terence CKW\Desktop\FRST.txt
2014-04-20 16:07 - 2014-04-20 16:06 - 00000000 ____D () C:\FRST
2014-04-20 16:07 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 16:07 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 16:06 - 2014-02-11 16:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2707131e45d3.job
2014-04-20 16:02 - 2014-04-20 16:02 - 00002445 _____ () C:\Users\Terence CKW\Desktop\AdwCleaner[S5].txt
2014-04-20 16:02 - 2014-03-23 15:49 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Dropbox
2014-04-20 16:01 - 2014-03-27 10:35 - 00003266 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-04-20 16:01 - 2014-03-23 15:50 - 00000000 ___RD () C:\Users\Terence CKW\Dropbox
2014-04-20 16:01 - 2013-11-16 23:38 - 00003388 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-04-20 16:01 - 2013-10-29 17:45 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\CrashDumps
2014-04-20 16:00 - 2014-04-20 16:00 - 00003650 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00003010 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00003006 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00002714 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW
2014-04-20 16:00 - 2014-04-20 16:00 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW.job
2014-04-20 16:00 - 2014-04-20 16:00 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Terence CKW.job
2014-04-20 16:00 - 2014-04-20 16:00 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Terence CKW.job
2014-04-20 16:00 - 2013-12-03 19:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d.job
2014-04-20 15:59 - 2013-06-06 09:53 - 00162688 _____ () C:\Windows\setupact.log
2014-04-20 15:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 15:58 - 2013-11-24 16:46 - 00000000 ____D () C:\AdwCleaner
2014-04-20 15:58 - 2013-05-27 08:15 - 01096022 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 15:47 - 2014-04-20 15:47 - 03972608 _____ () C:\Users\Terence CKW\Desktop\RogueKiller.exe
2014-04-20 15:45 - 2014-04-20 15:45 - 02055680 _____ (Farbar) C:\Users\Terence CKW\Desktop\FRST64.exe
2014-04-20 15:45 - 2014-04-20 15:45 - 01308369 _____ () C:\Users\Terence CKW\Desktop\adwcleaner.exe
2014-04-20 13:32 - 2013-11-16 23:46 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-04-20 13:32 - 2013-11-16 23:46 - 00003244 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-04-20 11:36 - 2013-11-07 15:38 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0F20EFAF-E010-4D4A-BC91-E17FB97EFB09}
2014-04-19 22:20 - 2014-04-19 22:20 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-04-16 15:30 - 2013-08-20 01:48 - 00000000 ____D () C:\Users\Terence CKW\Documents\PrintScreen Files
2014-04-15 21:25 - 2013-05-27 01:13 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-15 21:24 - 2013-06-01 17:42 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-15 09:34 - 2014-03-25 23:50 - 00001042 _____ () C:\Users\Terence CKW\Desktop\Dropbox.lnk
2014-04-15 09:34 - 2014-03-23 15:49 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-15 09:34 - 2013-05-26 18:46 - 00000000 ___RD () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 18:58 - 2009-07-14 13:13 - 00723326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 22:09 - 2014-04-12 22:08 - 00033737 _____ () C:\Users\Terence CKW\Desktop\dds.txt
2014-04-12 22:09 - 2014-04-12 22:08 - 00018371 _____ () C:\Users\Terence CKW\Desktop\attach.txt
2014-04-12 22:03 - 2014-04-12 22:03 - 00688992 ____R (Swearware) C:\Users\Terence CKW\Desktop\dds.com
2014-04-12 17:24 - 2014-04-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-12 16:07 - 2013-05-30 15:18 - 00000000 ____D () C:\Users\Terence CKW\Desktop\R Killer reports
2014-04-12 13:12 - 2014-04-12 13:12 - 00035840 ___SH () C:\Users\Terence CKW\Thumbs.db
2014-04-12 13:12 - 2013-05-26 18:42 - 00000000 ____D () C:\Users\Terence CKW
2014-04-11 14:20 - 2013-06-02 11:20 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-11 12:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 20:08 - 2014-04-10 20:08 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\MotoCast
2014-04-10 14:52 - 2013-07-28 01:50 - 00000000 ____D () C:\Users\Terence CKW\Desktop\RK_Quarantine
2014-04-10 14:11 - 2014-04-10 14:07 - 00000000 ____D () C:\Users\Terence CKW\Downloads\Android Stuff
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 __SHD () C:\Users\Terence CKW\AppData\Local\EmieUserList
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 __SHD () C:\Users\Terence CKW\AppData\Local\EmieSiteList
2014-04-10 10:59 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 01:49 - 2013-05-27 01:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 01:48 - 2013-08-06 17:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 01:45 - 2013-05-26 20:17 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 12:13 - 2014-01-02 23:58 - 00000000 ____D () C:\Users\Terence CKW\Desktop\mbar
2014-04-08 12:13 - 2013-06-02 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-08 12:05 - 2014-01-02 23:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 21:50 - 2009-07-14 13:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 00:59 - 2014-04-04 00:59 - 00000000 __SHD () C:\found.001
2014-04-02 21:49 - 2014-04-02 21:49 - 00000000 ____D () C:\f23fb423b5ff1f541fa7a0
2014-03-31 09:35 - 2010-07-22 11:15 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 22:33 - 2013-05-28 14:00 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\vlc
2014-03-30 00:01 - 2014-02-11 16:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2707131e45d3
2014-03-30 00:01 - 2013-12-03 19:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d
2014-03-27 23:05 - 2014-01-14 16:16 - 00000000 ____D () C:\Users\Terence CKW\Documents\SelfMV
2014-03-26 14:36 - 2013-11-16 23:38 - 00003408 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000
2014-03-25 23:50 - 2014-03-23 15:49 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\DropboxMaster
2014-03-25 23:28 - 2013-06-11 13:34 - 00000000 ____D () C:\Nonwork-2013June
2014-03-25 22:08 - 2013-11-13 01:12 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTerence CKW
2014-03-25 15:53 - 2014-03-25 15:54 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-25 15:53 - 2014-03-25 15:54 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-25 15:53 - 2014-03-25 15:54 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-25 15:53 - 2014-03-25 15:54 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-25 15:53 - 2014-03-25 15:53 - 00000000 ____D () C:\Program Files\Java
2014-03-25 15:50 - 2014-03-25 15:50 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Oracle
2014-03-24 14:47 - 2013-05-28 23:28 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Real
2014-03-24 14:15 - 2014-03-24 14:15 - 00000995 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-03-24 14:15 - 2014-03-24 14:15 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\RealNetworks
2014-03-24 14:15 - 2013-05-28 23:29 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-24 14:14 - 2014-03-24 14:14 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-24 14:14 - 2014-03-24 14:14 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-24 14:14 - 2013-11-16 23:37 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-24 14:14 - 2013-11-16 23:37 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-24 14:14 - 2013-05-28 23:29 - 00000000 ____D () C:\ProgramData\Real
2014-03-24 14:13 - 2013-11-16 23:37 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-24 14:13 - 2013-11-16 23:37 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-24 14:12 - 2014-02-09 15:55 - 00000000 ____D () C:\Users\Terence CKW\Desktop\Password_Protection_Manager
2014-03-24 14:12 - 2014-01-29 15:04 - 00000000 ____D () C:\ProgramData\FNET
2014-03-24 14:12 - 2014-01-16 11:25 - 00000000 ____D () C:\Users\Terence CKW\Desktop\S4 Root stuff
2014-03-24 14:12 - 2014-01-13 11:07 - 00000000 ____D () C:\Users\Terence CKW\Note II Root stuff
2014-03-24 14:12 - 2014-01-13 11:07 - 00000000 ____D () C:\Users\Terence CKW\Desktop\Note II Root stuff
2014-03-24 14:12 - 2013-11-18 16:58 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Copy
2014-03-24 14:12 - 2013-06-01 22:18 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\IrfanView
2014-03-24 14:12 - 2013-05-27 14:01 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-24 14:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 14:12 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-23 22:21 - 2013-09-17 10:42 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\Box Sync
2014-03-23 16:13 - 2014-03-23 16:07 - 156471358 ____N () C:\Users\Terence CKW\Downloads\Terence-Yihnahs Gardens Photos.zip
2014-03-23 13:28 - 2014-03-23 00:15 - 00000000 ____D () C:\Users\Terence CKW\Box Sync
2014-03-23 12:14 - 2013-06-09 12:20 - 00045784 _____ () C:\Windows\PFRO.log
2014-03-23 10:54 - 2014-03-23 10:54 - 00003234 _____ () C:\Windows\System32\Tasks\{2129B798-8DB1-49AD-9ADD-4FB54949009F}
2014-03-23 00:15 - 2014-03-23 00:15 - 00000000 ___HD () C:\Users\Terence CKW\.Box Sync
2014-03-23 00:11 - 2014-03-23 00:11 - 00000000 ____D () C:\Program Files\Box
2014-03-22 21:04 - 2013-09-01 12:41 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-22 15:45 - 2013-06-05 17:24 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\Google
2014-03-22 15:45 - 2013-06-05 17:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-22 14:11 - 2014-03-22 14:11 - 00000000 ____D () C:\Users\Terence CKW\Desktop\Tor Browser

Some content of TEMP:
====================
C:\Users\Terence CKW\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplazudz.dll
C:\Users\Terence CKW\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 12:36

==================== End Of Log ============================

 

Next is the second, Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Terence CKW at 2014-04-20 16:08:08
Running from C:\Users\Terence CKW\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}) (Version: 1.2.517.35221 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Box Sync (HKLM\...\{9D12E4B0-E9BB-4333-A33D-ABA505034907}) (Version: 4.0.4597.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.4597.0 - Box Inc.) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version:  - )
BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version:  - )
BUFFALO TurboCopy (HKLM-x32\...\UN091114) (Version:  - )
BUFFALO TurboPC for FLASH/HDD (HKLM-x32\...\UN091111) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Creative Jukebox Driver (HKLM-x32\...\Creative Jukebox Driver) (Version:  - )
Creative NOMAD Jukebox Zen Xtra (HKLM-x32\...\{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.29 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Eraser 6.0.9.2343 (HKLM\...\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}) (Version: 6.0.2343 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - ) Hidden
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fences Pro (HKLM-x32\...\Fences Pro) (Version: 1.01.222.18677 - Stardock Corporation)
Fences Pro (Version: 1.01.222 - Stardock Corporation) Hidden
FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{90EAAEE0-C4C9-4386-AC38-77EE88255666}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ENVY Document Card Utilities (HKLM-x32\...\{FEC7B56F-A010-4866-809E-F5082CF5BB8C}) (Version: 1.0.5 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4215 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3024 - Hewlett-Packard) Hidden
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HP Wireless Audio Manager 1.0.25 (HKLM-x32\...\HP Wireless Audio Manager) (Version: 1.0.25 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel Digital Logo (HKLM-x32\...\{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}) (Version: 1.0.5 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Little Registry Optimizer (HKLM-x32\...\Little Registry Optimizer) (Version:  - )
LogonStudio (HKLM-x32\...\{B299E757-BE69-489D-AE78-D58ED9A73E8D}) (Version: 1.7.15 - Stardock)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{643CC22D-0994-41A8-ACE8-CF11A2ACDC1C}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PasswordProtectionManager (HKLM-x32\...\PasswordProtectionManager) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
Sound Blaster X-Fi Go! Pro (HKLM-x32\...\{587B7A6F-CA1F-4639-9083-16F9BB2363B4}) (Version: 1.0 - Creative Technology Limited)
Stardock MyColors (HKLM-x32\...\Stardock MyColors) (Version: 2.75.00 - Stardock Corporation)
Stardock MyColors (x32 Version: 2.75.00 - Stardock Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.0.2014.0 - BillP Studios)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Restore Points  =========================

09-04-2014 17:44:08 Windows Update
10-04-2014 02:56:09 Windows Update
13-04-2014 11:00:05 Windows Backup
19-04-2014 08:49:52 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0490B540-51CE-4A1E-B98F-9185FDFC6970} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {093988B8-DD77-40C2-B9EB-A21A6634AA08} - System32\Tasks\AdobeAAMUpdater-1.0-HPEnvyBeats1104-Terence CKW => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0B60A5A4-CAEF-43DA-B57B-391FF722C5EF} - System32\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {2D81B055-DC5F-4409-976F-96C8E9E1E959} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {2E1A9878-CA43-44F8-86B8-3070C7295782} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {33319823-5AFC-46F1-A2F6-296A4FEF7706} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {5B0BE74C-D9A1-4A8C-842A-078D968687EF} - System32\Tasks\ReclaimerUpdateXML_Terence CKW => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-20] (RealNetworks, Inc.)
Task: {5C613C4D-9268-4C98-B9CA-E4D3079E1CC5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {5E9376F3-36C7-46A8-9983-A2EB1D41369A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-02-12] (RealNetworks, Inc.)
Task: {6697911C-7DFB-4311-95F6-0F9EAF97B28E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6FED6C62-DF17-4696-9E49-9307BCF16A01} - System32\Tasks\{EE958697-B94F-48BC-81A4-4E63444A44AD} => F:\BackUp of SamsungD_2007-20Jan\Program Files\Microsoft PC Apps\RAWViewerSetup.exe
Task: {782A160D-8FD1-4CE0-A440-D627FED6F726} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {7DD54FE4-782F-4DE0-8EB3-8EEB2273F9FC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {7F7C6BD7-BA43-4C4C-8B15-E2C6558BA9CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {8D504C65-0C37-4E28-9018-FE7AC4AD6AE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {903A9C6C-72B5-483F-8AA7-05DC3AB9B5D8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {9C9D175E-F6A1-4F79-A0E9-1C921316D4A2} - System32\Tasks\RNUpgradeHelperResumePrompt_Terence CKW => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-20] (RealNetworks, Inc.)
Task: {A938300B-20AA-43E1-91F8-0C8FCCF3E54F} - System32\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-20] (RealNetworks, Inc.)
Task: {B081B8CE-674E-415C-B422-03539847659C} - System32\Tasks\ReclaimerUpdateFiles_Terence CKW => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-20] (RealNetworks, Inc.)
Task: {B34CAAA3-855D-429C-BE4D-B53FE406ED76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B49F4E3E-F94C-49B9-A635-5EAF17F758C2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {D91CCF5B-3F4F-4B65-9F9B-471E4803E7F6} - System32\Tasks\{50EC5BC7-FFD3-45A7-BF7E-21A427E4F467} => E:\SETUP.EXE
Task: {DF179D8D-9B4A-4DEF-B344-37CA7A4FBF1A} - System32\Tasks\{2D97727C-2A19-4847-8878-F2F35FBB1EFB} => E:\SETUP.EXE
Task: {E05BF809-1874-4739-A531-3D176C99523F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2707131e45d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {E5AB250B-7960-4D17-98FC-3FA01B97B141} - System32\Tasks\{65AEEBB8-1E07-4B04-9A11-CD35274FFE39} => H:\From Dell\USBVaccineSetup.exe
Task: {E6BBD73B-39B9-4810-8058-9192E844E5AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-08] (Microsoft)
Task: {E828BF78-3401-4816-A32E-2627F1A96A73} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2799878227-2956951909-133465866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {EA4FD6BE-943E-47B0-B4B2-E62AD1A3BF2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {ED7F2F1C-C95D-4B1A-8530-1E3996CA38E8} - System32\Tasks\{5810B6C2-004E-4A5D-AA6C-7779A7143C2B} => E:\CTEngine\Setup.exe
Task: {FB9B8597-4694-4367-A757-FFF6E6ED13E4} - System32\Tasks\HPCeeScheduleForTerence CKW => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FBBDB197-7408-45D9-9159-5D11965ACCFE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2707131e45d3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTerence CKW.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Terence CKW.job => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Terence CKW.job => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Terence CKW.job => C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2009-06-09 09:56 - 2009-06-09 09:56 - 00100656 _____ () C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-06-28 10:10 - 2012-06-28 10:10 - 00381312 _____ () C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
2012-09-18 11:10 - 2012-09-18 11:10 - 00248704 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-18 12:12 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2013-06-18 12:12 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2010-06-09 14:55 - 2010-06-09 14:55 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-06-19 07:26 - 2010-06-19 07:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-11 08:12 - 2010-06-11 08:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-22 12:36 - 2010-06-22 12:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-19 07:26 - 2010-06-19 07:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-19 07:26 - 2010-06-19 07:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-03-24 14:14 - 2014-03-24 14:14 - 00867928 _____ () c:\program files (x86)mediaandentertainment\real\realplayer\RPDS\Plugins\cldplin.dll
2013-05-27 03:05 - 2013-12-25 06:14 - 00642016 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-11-04 19:03 - 2011-11-04 19:03 - 00025912 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\CustomControls.dll
2013-06-18 12:12 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-06-18 12:12 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-04-20 16:01 - 2014-04-20 16:01 - 00041984 _____ () C:\Users\Terence CKW\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplazudz.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-12 14:02 - 2014-02-12 14:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0d323f1a0432d8d30edc22fa6cfa4862\IsdiInterop.ni.dll
2013-05-27 08:22 - 2010-03-25 05:11 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Terence CKW\Documents\2007-04-16 11.17.16.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Terence CKW\Documents\2007-04-16 11.17.46.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Terence CKW\Documents\2007-05-31 23.26.29.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Terence CKW\Documents\2007-05-31 23.27.30.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27810884.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56893579.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97221597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27810884.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56893579.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97221597.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\startupfolder: C:^Users^Terence CKW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Creative Detector => C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
MSCONFIG\startupreg: Gadwin PrintScreen => "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)MediaandEntertainment\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 04:00:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: rnupgagent.exe, version: 10.6.0.87, time stamp: 0x532966f3
Faulting module name: rnupgagent.exe, version: 10.6.0.87, time stamp: 0x532966f3
Exception code: 0xc0000005
Fault offset: 0x0000a180
Faulting process id: 0xf88
Faulting application start time: 0xrnupgagent.exe0
Faulting application path: rnupgagent.exe1
Faulting module path: rnupgagent.exe2
Report Id: rnupgagent.exe3

Error: (04/20/2014 03:02:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/19/2014 01:58:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/19/2014 00:12:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2014 00:12:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/18/2014 04:30:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/17/2014 11:44:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/17/2014 10:38:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/16/2014 10:39:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x0000000000053520
Faulting process id: 0x5188
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/16/2014 10:38:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x0000000000053520
Faulting process id: 0x16dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (04/20/2014 04:01:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2014 04:01:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2014 04:01:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2014 04:01:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2014 04:01:46 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/20/2014 04:01:46 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/20/2014 04:01:39 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2014 04:01:39 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2014 04:01:38 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/20/2014 03:58:42 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (04/20/2014 04:00:52 PM) (Source: Application Error)(User: )
Description: rnupgagent.exe10.6.0.87532966f3rnupgagent.exe10.6.0.87532966f3c00000050000a180f8801cf5c6ea1d3ff49C:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exeC:\Users\Terence CKW\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exee43e87f5-c861-11e3-9615-70f39593bade

Error: (04/20/2014 03:02:29 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/19/2014 01:58:58 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/19/2014 00:12:59 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe

Error: (04/19/2014 00:12:59 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe

Error: (04/18/2014 04:30:14 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/17/2014 11:44:05 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/17/2014 10:38:30 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/16/2014 10:39:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.1704153180888ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000053520518801cf598199412371C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld9c325f4-c574-11e3-9190-70f39593bade

Error: (04/16/2014 10:38:49 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.1704153180888ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005352016dc01cf5981928a9cb4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld2822609-c574-11e3-9190-70f39593bade

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3893.61 MB
Available physical RAM: 1856.7 MB
Total Pagefile: 7785.4 MB
Available Pagefile: 5321.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.11 GB) (Free:163.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.68 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: FF345ABE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

 

Lastly, below here [2 reports]  is the Rogue Killer. I was somewhat surprise, compared to the last scan, now there are no items in the drivers tab.

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terence CKW [Admin rights]
Mode : Scan -- Date : 04/20/2014 16:13:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AutoStarter.exe -- C:\ProgramData\AutoStarter\AutoStarter.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : AutoStarter (C:\ProgramData\AutoStarter\AutoStarter.exe [7]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-60V5T1 (TurboPC) +++++
--- User ---
[MBR] 553b9fbd696d591334f2767aab7a92ca
[BSP] d66c264cba4f2e9fa96395c6f9d62266 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279664 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 573161472 | Size: 25277 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04202014_161346.txt >>

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terence CKW [Admin rights]
Mode : Remove -- Date : 04/20/2014 16:15:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AutoStarter.exe -- C:\ProgramData\AutoStarter\AutoStarter.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : AutoStarter (C:\ProgramData\AutoStarter\AutoStarter.exe [7]) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-60V5T1 (TurboPC) +++++
--- User ---
[MBR] 553b9fbd696d591334f2767aab7a92ca
[BSP] d66c264cba4f2e9fa96395c6f9d62266 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279664 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 573161472 | Size: 25277 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04202014_161534.txt >>
RKreport[0]_S_04202014_161346.txt

 

 

== Thank You ==

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:02 PM

Posted 20 April 2014 - 08:38 AM

Glad we found it.

AutoStarter came from this application.
http://www.herdprotect.com/autostarter.exe-4c87ae6f899075ed6b133fb99f77ecdd3026fed7.aspx
===

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#7 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2014 - 09:44 PM

Hi.

 

Good. But I thought the Autostarter is a legit one which came from operating my Sony ext drive which includes 'a protection element' which was why the Autostarter was needed.

Ain't so?



#8 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2014 - 09:47 PM

Then, SIr,

 

How about here below one of the Rogue Killer report log which was done some weeks ago.

Please kindly take a look :

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terence CKW [Admin rights]
Mode : Scan -- Date : 03/28/2014 14:21:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (NSPStartup) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C54CB8)
[Address] EAT @explorer.exe (WSHAddressToString) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C537C8)
[Address] EAT @explorer.exe (WSHEnumProtocols) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C52F40)
[Address] EAT @explorer.exe (WSHGetBroadcastSockaddr) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C531CC)
[Address] EAT @explorer.exe (WSHGetProviderGuid) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53110)
[Address] EAT @explorer.exe (WSHGetSockaddrType) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C5303C)
[Address] EAT @explorer.exe (WSHGetSocketInformation) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C534F4)
[Address] EAT @explorer.exe (WSHGetWSAProtocolInfo) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53078)
[Address] EAT @explorer.exe (WSHGetWildcardSockaddr) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53194)
[Address] EAT @explorer.exe (WSHGetWinsockMapping) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53208)
[Address] EAT @explorer.exe (WSHIoctl) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53298)
[Address] EAT @explorer.exe (WSHJoinLeaf) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53A88)
[Address] EAT @explorer.exe (WSHNotify) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53A94)
[Address] EAT @explorer.exe (WSHOpenSocket) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53B80)
[Address] EAT @explorer.exe (WSHOpenSocket2) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53BB8)
[Address] EAT @explorer.exe (WSHSetSocketInformation) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C5362C)
[Address] EAT @explorer.exe (WSHStringToAddress) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C538D0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-60V5T1 (TurboPC) +++++
--- User ---
[MBR] 553b9fbd696d591334f2767aab7a92ca
[BSP] d66c264cba4f2e9fa96395c6f9d62266 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279664 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 573161472 | Size: 25277 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03282014_142133.txt >>
RKreport[0]_D_03272014_095502.txt;RKreport[0]_S_03272014_095310.txt

 

 

Thank you.



#9 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2014 - 11:25 PM

Hi Mr Nasdaq.

 

Here s the log report of the security check:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terence CKW [Admin rights]
Mode : Scan -- Date : 03/28/2014 14:21:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (NSPStartup) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C54CB8)
[Address] EAT @explorer.exe (WSHAddressToString) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C537C8)
[Address] EAT @explorer.exe (WSHEnumProtocols) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C52F40)
[Address] EAT @explorer.exe (WSHGetBroadcastSockaddr) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C531CC)
[Address] EAT @explorer.exe (WSHGetProviderGuid) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53110)
[Address] EAT @explorer.exe (WSHGetSockaddrType) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C5303C)
[Address] EAT @explorer.exe (WSHGetSocketInformation) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C534F4)
[Address] EAT @explorer.exe (WSHGetWSAProtocolInfo) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53078)
[Address] EAT @explorer.exe (WSHGetWildcardSockaddr) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53194)
[Address] EAT @explorer.exe (WSHGetWinsockMapping) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53208)
[Address] EAT @explorer.exe (WSHIoctl) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53298)
[Address] EAT @explorer.exe (WSHJoinLeaf) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53A88)
[Address] EAT @explorer.exe (WSHNotify) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53A94)
[Address] EAT @explorer.exe (WSHOpenSocket) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53B80)
[Address] EAT @explorer.exe (WSHOpenSocket2) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C53BB8)
[Address] EAT @explorer.exe (WSHSetSocketInformation) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C5362C)
[Address] EAT @explorer.exe (WSHStringToAddress) : Syncreg.dll -> HOOKED (C:\Windows\System32\wshBth.dll @ 0xF6C538D0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-60V5T1 (TurboPC) +++++
--- User ---
[MBR] 553b9fbd696d591334f2767aab7a92ca
[BSP] d66c264cba4f2e9fa96395c6f9d62266 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279664 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 573161472 | Size: 25277 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03282014_142133.txt >>
RKreport[0]_D_03272014_095502.txt;RKreport[0]_S_03272014_095310.txt

 

There was something which I notice while the checking process went on, it showed a 'something missing' very quickly it flashed off the cmd prompt box. 

 

Regards.



#10 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2014 - 11:28 PM

Sorry Mr Nasdaq the preceding reply, I believe the wrong security check log pasted for you.

 

Here should be the right one:

 

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
ESET Smart Security 7.0  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
  Adobe Flash Player 11.9.900.117 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 21.0 Firefox out of Date! 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

 

 

Regards.

 

Apologies again for any confusion, inconvenience.
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:02 PM

Posted 21 April 2014 - 07:35 AM


How about here below one of the Rogue Killer report log which was done some weeks ago.
Please kindly take a look :


syncreg.dll is part of Microsoft Microsoft Synchronization Framework. Nothing to worry about.
http://www.herdprotect.com/syncreg.dll-f5c2fde5284566e5d42361c0550e483665c1fc46.aspx
===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

Let me know of any remaining issues.

#12 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 22 April 2014 - 04:11 AM

I didn't know the many MS syncregdll entires were nothing to worry about as I, being a novice was naturally alarmed at 'unwanted things', when all the relevant tabs in the Rogue Killer scan should turn out blank normally after scan when a computer is unaffected.

 

I updated the Adobe Flash Player and Firebox browser.

 

Ok friend, so it means my laptop is safe and sound? Right?

 

regards.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:02 PM

Posted 22 April 2014 - 12:19 PM

Make a last scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#14 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 24 April 2014 - 02:46 AM

Hello..

 

There is a problem with the ESET o/l scanner displaying the final part of the scan. The scan completed took, approx. 2 3/4 hours. I adhered to your instructions fully, coming to final part to Export, unfortunately the Eset dialog box was constrained in display, and cannot see the applicable tab to click for export, resulting no way to save any reports.

I tried to leave that screen alone, went to settings/display resolutions and internet options to see if I can do something to enable the screen to display properly but no avail.

If useful for you, what I have is I took some screen shots to attach here for your reference.

There are 2 screen shot files.

Attached Files



#15 TCKW

TCKW
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 24 April 2014 - 02:48 AM

This is second screen shot

 

Oh dear, I am not allowed to u/l next shot as only allotment size is 6.72 kb..

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users