
NEED help ---- affected with *origin.com;*ea.com;*akamaihd.net


  • This topic is locked
61 replies to this topic

#1 cbweng

cbweng

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 26 October 2014 - 12:35 AM

This issue has been reported by a previous person. Now I'm affected also. Please provide an urgent procedure to remove it. Thanks

 

The symptoms are that the IE proxy keeps getting changed to 127.0.0.1:190xx and the proxy is also bypassed for the following URL:
;*origin.com;*ea.com;*akamaihd.net
When I removed the proxy (because I don't use any), it keeps reverting to the incorrect one.
An observation I've made is that this seems to only affect IE proxy settings, because I can still use Firefox.

Would appreciate it if you could advise me on how to go about rectifying this situation please. Please let me know if further details are required.

 Many thanks!




#2 cbweng

Posted 26 October 2014 - 12:48 AM

I was impressed with the previous post where you did the removal of a similar issue.....



#3 cbweng

Posted 26 October 2014 - 11:34 PM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by TzeWeng.Choo (administrator) on MY35LP000020012 on 27-10-2014 12:29:44
Running from C:\Work Templete\Software
Loaded Profile: TzeWeng.Choo (Available profiles: ayap & KokWei.Yiap & Venkadesh.T & TzeWeng.Choo & wkadministrator)
Platform: Microsoft Windows 7 Enterprise  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\ouc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\ProgramData\DiGi Internet\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\HealthService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office Communicator\communicator.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files\QvodPlayer\QvodTerminal.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Siphon) C:\Program Files\Siphon\Siphone\siphone.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Qlock\qlock.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
() C:\Windows\System32\EncondingMotionSymbolic\EncondingMotionSymbolic.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\telnet.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [292208 2011-02-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1033600 2011-02-02] (Microsoft Corporation)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295072 2013-01-04] (RealNetworks, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [QvodTerminal] => C:\Program Files\QvodPlayer\QvodTerminal.exe [1274496 2014-03-07] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-08-17] (Cisco Systems, Inc.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe                                                                                    
HKLM\...\Run: [BrowserSafeguard] => "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-21] (Microsoft Corporation)
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [Only-search] => C:\Users\tzeweng.choo\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [Siphone] => C:\Program Files\Siphon\Siphone\siphone.exe [4847968 2013-10-25] (Siphon)
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a44-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a6a-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {130f3d74-b2c4-11e2-a4e0-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff12-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff1d-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {3d18bd67-ed53-11e2-bacc-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {931215bb-9e12-11e2-9953-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {b1b5c6f5-9cc3-11e2-9b36-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {cceb2369-e37c-11e2-b4a2-90004eed2ce9} - E:\AutoRun.exe
AppInit_DLLs: c:\progra~2\bprote~1\20392~1.106\protec~1.dll => c:\progra~2\bprote~1\20392~1.106\protec~1.dll File Not Found
Startup: C:\Users\tzeweng.choo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\tzeweng.choo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tzeweng.choo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk
ShortcutTarget: qlock.lnk -> C:\Program Files\Qlock\qlock.exe ()
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:28020
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} http://10.13.44.3/Web/MediaMasENU.CAB
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://ap2.cloud-vpn.net/CACHE/stc/3/binaries/vpnweb.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} https://apsrvau23933.wkap.int/webconsole/RIMWebComponents.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://wk-cctv.wkap.int/cab/OCXChecker_8320.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} http://wk-cctv.wkap.int/cab/DownloadCenter_8300.cab
Hosts: 69.43.161.133    livecgtdemo.acclipsetest.com
Tcpip\..\Interfaces\{7231355A-3FCC-4431-BA52-2EAA1FB517C8}: [NameServer] 10.13.88.129
Tcpip\..\Interfaces\{AB57DA8B-B2F1-4B15-B479-D4000DEE0D84}: [NameServer] 203.82.64.129 203.82.64.145

FireFox:
========
FF ProfilePath: C:\Users\tzeweng.choo\AppData\Roaming\Mozilla\Firefox\Profiles\qelpe4nn.default
FF NewTab:
FF DefaultSearchEngine: Search The Web (Only-Search)
FF SelectedSearchEngine: Search The Web (Only-Search)
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre1.7.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.7.0_45\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre1.7.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\tzeweng.choo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: pgi.com/ScreenShareHelper -> C:\Users\tzeweng.choo\AppData\Roaming\PGi\ScreenShare Helper\1.1.3\npScreenShareHelperV1.1.3.dll (PGi)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tzeweng.choo\AppData\Roaming\mozilla\plugins\npCwaAppSh.dll ()
FF SearchPlugin: C:\Users\tzeweng.choo\AppData\Roaming\Mozilla\Firefox\Profiles\qelpe4nn.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\tzeweng.choo\AppData\Roaming\Mozilla\Firefox\Profiles\qelpe4nn.default\searchplugins\myplaycity.xml
FF Extension: COstmIn - C:\Users\tzeweng.choo\AppData\Roaming\Mozilla\Firefox\Profiles\qelpe4nn.default\Extensions\ysMa@E.com [2014-10-26]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Profile: C:\Users\tzeweng.choo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tzeweng.choo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Google Wallet) - C:\Users\tzeweng.choo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [270656 2011-06-16] (Microsoft Corporation)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1160888 2013-09-11] (Microsoft Corporation)
S2 Celcom Broadband Manager. RunOuc; C:\Program Files\Celcom Broadband Manager\UpdateDog\ouc.exe [246112 2013-05-02] ()
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [465592 2013-09-11] (Microsoft Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S2 DiGi Internet. RunOuc; C:\Program Files\DiGi Internet\UpdateDog\ouc.exe [234496 2013-04-05] () [File not signed]
R2 EncondingMotionSymbolic; C:\Windows\system32\EncondingMotionSymbolic\EncondingMotionSymbolic.exe [60453 2014-09-25] () [File not signed]
R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16896 2011-01-08] (Microsoft Corporation)
R2 FcsSas; c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [69528 2011-02-03] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [308224 2012-06-01] (Microsoft Corporation)
R2 HealthService; C:\Program Files\System Center Operations Manager 2007\HealthService.exe [27008 2009-05-08] (Microsoft Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 ManageEngine AssetExplorer Agent; C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2012-12-29] () [File not signed]
S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2012-12-29] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MOM; C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [134656 2005-07-21] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2205696 2012-07-25] (Microsoft Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [217272 2013-09-11] (Microsoft Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-08-17] (Cisco Systems, Inc.)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2011-02-13] (ST Microelectronics)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-17] (Cisco Systems, Inc.)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2011-02-13] (Broadcom Corporation.)
R2 CipcCdp; C:\Windows\System32\DRIVERS\CipcCdp.sys [24064 2011-01-24] (Cisco Systems)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-02-13] (Broadcom Corporation)
S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [82984 2011-02-13] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [14848 2011-02-13] (Copyright© Digitech Systems)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-02-13] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-02-13] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [329160 2011-02-13] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [388552 2011-02-13] (MCCI Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [71296 2011-02-02] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2009-07-14] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2011-02-13] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2013-09-11] (Microsoft Corporation)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [5248 2011-02-13] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [106880 2011-02-13] (QUALCOMM Incorporated)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2011-02-13] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38912 2011-02-13] (REDC)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [48640 2005-09-08] (Aten Technology Inc.) [File not signed]
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2009-07-14] (Microsoft Corporation)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2011-02-13] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-02] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:29 - 2014-10-27 12:29 - 00000000 ____D () C:\FRST
2014-10-24 11:33 - 2014-10-24 11:34 - 00001312 _____ () C:\DelFix.txt
2014-10-24 11:33 - 2014-10-24 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-21 14:06 - 2014-10-21 14:07 - 10280824 _____ (SurfRight B.V.) C:\Users\tzeweng.choo\Desktop\HitmanPro.exe
2014-10-21 10:51 - 2014-10-23 14:45 - 00000000 ____D () C:\TFTP-Root
2014-10-21 10:51 - 2003-07-11 14:24 - 00102400 _____ (SolarWinds.Net) C:\Windows\system32\SolarWinds2002.exe
2014-10-21 10:51 - 2003-06-19 14:05 - 01015859 _____ (Microsoft Corporation) C:\Windows\system32\temp.007
2014-10-21 10:51 - 2003-06-19 14:05 - 00286773 _____ (Microsoft Corporation) C:\Windows\system32\temp.008
2014-10-21 10:51 - 2002-03-21 10:17 - 00274432 _____ (SolarWinds.Net) C:\Windows\system32\SolarWinds2001.exe
2014-10-21 10:51 - 2002-03-14 12:14 - 00344064 _____ (Infragistics, Inc.) C:\Windows\system32\ssa3d30.ocx
2014-10-21 10:51 - 2000-03-12 17:10 - 00053248 _____ (SolarWinds.Net) C:\Windows\system32\ICMPv50.ocx
2014-10-21 10:51 - 2000-03-12 13:44 - 00045056 _____ (SolarWinds.Net) C:\Windows\system32\DNSv50.ocx
2014-10-21 10:51 - 1999-12-07 15:00 - 00147512 _____ (Microsoft Corporation) C:\Windows\system32\temp.00B
2014-10-21 10:51 - 1999-09-09 19:00 - 00502544 _____ (Microsoft Corporation) C:\Windows\system32\temp.009
2014-10-21 10:51 - 1999-05-07 00:00 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx
2014-10-21 10:51 - 1998-06-24 02:00 - 00108336 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx
2014-10-21 10:51 - 1998-06-23 19:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\system32\Msinet.ocx
2014-10-21 10:51 - 1998-05-08 00:00 - 00369424 _____ (Microsoft Corporation) C:\Windows\system32\temp.005
2014-10-21 10:51 - 1998-05-08 00:00 - 00131856 _____ (Microsoft Corporation) C:\Windows\system32\temp.00C
2014-10-21 10:51 - 1997-11-18 01:00 - 00484624 _____ (Microsoft Corporation) C:\Windows\system32\temp.00A
2014-10-21 10:51 - 1996-10-14 01:38 - 00010000 _____ (Microsoft Corporation) C:\Windows\system32\temp.006
2014-10-21 10:51 - 1996-08-24 11:11 - 00133904 _____ (Microsoft Corporation) C:\Windows\system32\MFCANS32.dll
2014-10-21 10:51 - 1995-05-22 00:00 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\oc30.dll
2014-10-21 10:50 - 2014-10-21 10:51 - 00000000 ____D () C:\Program Files\SolarWinds
2014-10-21 10:50 - 2000-08-21 12:22 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\temp.004
2014-10-21 10:50 - 2000-06-13 11:50 - 00164112 _____ (Microsoft Corporation) C:\Windows\system32\temp.001
2014-10-21 10:50 - 2000-06-13 11:50 - 00147728 _____ (Microsoft Corporation) C:\Windows\system32\temp.002
2014-10-21 10:50 - 2000-06-13 11:50 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\temp.003
2014-10-21 10:50 - 2000-04-12 15:00 - 00598288 _____ (Microsoft Corporation) C:\Windows\system32\temp.000
2014-10-21 10:50 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2014-10-20 15:56 - 2014-10-27 10:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 15:56 - 2014-10-24 10:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-20 15:56 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 15:56 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 15:48 - 2014-10-20 15:56 - 00001030 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 15:48 - 2014-10-20 15:56 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Roaming\Malwarebytes
2014-10-20 15:48 - 2014-10-20 15:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-20 15:48 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 14:14 - 2014-10-20 14:14 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Roaming\Siphon Networks Ltd
2014-10-20 14:13 - 2014-10-20 14:13 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Local\Siphon
2014-10-20 14:06 - 2014-10-20 14:06 - 00001008 _____ () C:\Users\Public\Desktop\Siphone.lnk
2014-10-20 14:06 - 2014-10-20 14:06 - 00000000 ____D () C:\Program Files\Siphon
2014-10-17 11:45 - 2014-10-17 11:45 - 00004764 _____ () C:\Windows\system32\CcmFramework.ini
2014-10-17 11:45 - 2014-10-17 11:45 - 00000621 _____ () C:\Windows\system32\CcmFramework.h
2014-10-17 11:44 - 2014-10-17 11:44 - 00000000 ____D () C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2014-10-17 11:44 - 2014-10-17 11:44 - 00000000 ____D () C:\Windows\ms
2014-10-15 09:54 - 2014-10-15 09:54 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Local\CheckCode
2014-10-13 11:39 - 2014-10-13 11:39 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlobalMeet Screen Share

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:30 - 2012-05-02 10:54 - 00000000 ____D () C:\Users\tzeweng.choo
2014-10-27 12:29 - 2011-11-29 11:27 - 01333705 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 12:19 - 2012-08-23 10:42 - 00000000 ____D () C:\Users\tzeweng.choo\Documents\Outlook Files
2014-10-27 12:16 - 2014-04-22 11:01 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2149067118-2159268847-2510909587-44552.job
2014-10-27 12:10 - 2012-08-09 17:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 11:38 - 2012-05-09 14:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 11:34 - 2011-11-29 11:27 - 00000520 _____ () C:\Windows\system32\config\netlogon.ftl
2014-10-27 09:56 - 2009-07-14 12:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 09:56 - 2009-07-14 12:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 09:48 - 2011-11-29 14:29 - 00000569 _____ () C:\Windows\SMSCFG.INI
2014-10-27 09:43 - 2012-05-02 10:56 - 00000000 ____D () C:\Users\tzeweng.choo\Tracing
2014-10-27 09:42 - 2012-08-09 17:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 09:42 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 09:42 - 2009-07-14 12:39 - 00102421 _____ () C:\Windows\setupact.log
2014-10-26 14:12 - 2012-05-15 12:08 - 00000000 ____D () C:\Users\tzeweng.choo\Documents\Personal
2014-10-26 12:17 - 2011-07-21 22:52 - 00812052 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 12:28 - 2012-05-16 14:44 - 00000000 ____D () C:\General
2014-10-24 10:49 - 2012-05-02 11:01 - 00002044 ____H () C:\Users\tzeweng.choo\Documents\Default.rdp
2014-10-23 15:30 - 2012-05-02 18:16 - 00000000 ____D () C:\Work Templete
2014-10-22 18:10 - 2013-07-23 11:34 - 00000954 _____ () C:\Users\tzeweng.choo\AppData\Roaming\coreavc.ini
2014-10-22 18:09 - 2013-08-29 21:03 - 00000000 ____D () C:\Users\tzeweng.choo\Documents\Dinner
2014-10-22 17:53 - 2011-07-22 01:11 - 00343674 _____ () C:\Windows\PFRO.log
2014-10-21 11:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 10:07 - 2014-09-25 15:27 - 00000000 ____D () C:\Users\Administrator
2014-10-21 10:07 - 2014-02-12 09:51 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Local\genienext
2014-10-21 10:07 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-10-21 09:39 - 2012-05-18 16:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-20 15:07 - 2014-08-15 14:58 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3herosoft
2014-10-20 14:02 - 2011-11-29 11:34 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-17 11:45 - 2014-09-12 09:33 - 00001745 _____ () C:\Windows\system32\InstallUtil.InstallLog
2014-10-17 11:45 - 2014-09-12 09:32 - 00000000 ____D () C:\Windows\CCM
2014-10-15 13:56 - 2013-02-25 09:34 - 00000000 ____D () C:\Temp working
2014-10-15 09:45 - 2014-09-25 15:29 - 00000000 ____D () C:\Support
2014-10-13 11:40 - 2013-09-03 17:40 - 00000000 ____D () C:\Users\tzeweng.choo\AppData\Roaming\PGi
2014-10-13 11:39 - 2013-09-03 17:40 - 00000000 ____D () C:\Users\tzeweng.choo\GlobalMeet ScreenShare
2014-10-13 09:53 - 2014-09-12 09:32 - 00000000 ____D () C:\Windows\ccmcache
2014-10-10 16:08 - 2013-08-03 00:10 - 00000000 ____D () C:\Mediaold
2014-09-30 14:41 - 2013-04-16 22:26 - 00000000 ____D () C:\Nice M

Files to move or delete:
====================
C:\Users\tzeweng.choo\CTX.DAT
C:\Users\tzeweng.choo\fyah.bat

Some content of TEMP:
====================
C:\Users\tzeweng.choo\AppData\Local\Temp\294823_.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\99368uninstall.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\aacenc3.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BbCw58xCJu.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\ffmpeg19.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Quarantine.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\QvodSetupIOS.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\remove.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Sqlite3.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite23274.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite40154.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite72120.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\u1wGAIYoZb.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\x264enc6.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 14:06

==================== End Of Log ============================

Additional TxT

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by TzeWeng.Choo at 2014-10-27 12:30:47
Running from C:\Work Templete\Software
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Forefront Client Security (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Forefront Client Security (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Connect Participant Application v8.9.35 (HKLM\...\{CDD4495B-0424-42F0-8D89-70D47E21BD69}) (Version: 8.9.35 - AT&T Inc.)
BlackBerry Device Communication Components (HKLM\...\{E25B5412-94E5-419F-B079-3E0250D1887A}) (Version: 1.2.0.20 - Research In Motion Ltd.)
Celcom Broadband Manager (HKLM\...\Celcom Broadband Manager) (Version: 21.005.20.02.91 - Huawei Technologies Co.,Ltd)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10055 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10055 - Cisco Systems, Inc.) Hidden
Cisco ASDM-IDM Launcher (HKLM\...\{58A3BB41-A25A-4E20-884D-184732774086}) (Version: 1.5.64 - Cisco Systems, Inc.)
Cisco IP Communicator (HKLM\...\{8BA10381-763C-443B-A200-21B9149B472D}) (Version: 7.0.6.0 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco TFTP Server v1.1 (HKLM\...\Cisco TFTP Server v1.1) (Version:  - )
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM\...\{CD3566BF-496D-4994-886B-62C34446F40A}) (Version: 8.26.2800 - Cisco WebEx LLC)
Cisco WebEx Meeting Center for Internet Explorer (HKLM\...\{3CFBECB8-A08A-42C8-9C14-2B10DA6A9305}) (Version: 8.26.2800 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco_RCC (HKLM\...\{1140EE18-DD2E-4B90-8981-104CBEDB182D}) (Version: 1.00.0000 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
CommVault CommCell Console (Instance001) (HKLM\...\{BD7AEA57-D89C-468E-AD33-548BBB10BC0A}) (Version: 8.0.0 - CommVault Systems)
ConfigMgr Client Setup Bootstrap (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.210 - ALPS ELECTRIC CO., LTD.)
Device IP Configuration Utility 5.0.2 (HKLM\...\Device IP Configuration Utility) (Version: 5.0.2 - Schneider Electric)
DiGi Internet (HKLM\...\DiGi Internet) (Version: 21.003.28.06.311 - Huawei Technologies Co.,Ltd)
FileZilla Client 3.7.0.1 (HKLM\...\FileZilla Client) (Version: 3.7.0.1 - FileZilla Project)
freeFTPd 1.0.11 (HKLM\...\AC4D2FE3-18F3-434D-BF8E-EFB20AA6D5B3_is1) (Version:  - FreeFTPd Team)
GeoVision ADPCM (HKLM\...\GeoADPCM) (Version:  - )
GeoVision H264 (HKLM\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM\...\Codec_jpeg) (Version:  - )
GeoVision MPEG4 (HKLM\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM\...\Codec_MXPG) (Version:  - )
GlobalMeet Desktop Tools (HKCU\...\GlobalMeet Desktop Tools) (Version: 2.0.0.11 - Premiere Global Inc.)
GlobalMeet for Desktop (HKCU\...\GlobalMeet for Desktop) (Version: 1.5.0.0 - Premiere Global Inc.)
GlobalMeet Outlook Toolbar (HKLM\...\{79B960F3-40B2-45E9-83D6-C2FADC7A0383}) (Version: 11.0.0 - PremiereGlobal)
GlobalMeet ScreenShare (HKCU\...\GlobalMeet ScreenShare) (Version: 10.1.7 - PGi)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManageEngine AssetExplorer Agent (HKLM\...\{B64DBD74-C4E8-4404-BE32-81769EC14472}) (Version: 1.0.12 - ZOHO Corp)
Maxis Broadband (HKLM\...\Maxis Broadband) (Version: 11.302.06.13.99 - Huawei Technologies Co.,Ltd)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM\...\{C8B274C3-3E4D-433D-BA0D-C27EB834AEA6}) (Version: 8.0.6362.190 - Microsoft Corporation)
Microsoft Forefront Client Security Antimalware Service (HKLM\...\{4D4FC0FF-F197-401F-842E-E118F1D2647E}) (Version: 1.5.1996.1 - Microsoft Corporation)
Microsoft Forefront Client Security State Assessment Service (HKLM\...\{2AB5A838-9DAC-45F5-8EC2-019DDDC4B4F6}) (Version: 1.0.1736.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM\...\{E84D1C9D-6669-4156-992B-17557D64F1D3}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Communicator Web Access Plug-in (x86) (HKLM\...\{CA36B9D9-4F1F-4356-AF9E-AA9C88818692}) (Version: 3.5.6907.206 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Operations Manager 2005 Agent (HKLM\...\{F692770D-0E27-4D3F-8386-F04C6F434040}) (Version: 5.0.2911.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 10.0 (x86 en-US) (HKLM\...\Mozilla Firefox 10.0 (x86 en-US)) (Version: 10.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{48982F02-8379-4A73-A4D2-89A56331F5E3}) (Version: 29.1.0.17055 - Cisco WebEx LLC)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Qlock Pro (HKLM\...\Qlock) (Version:  - )
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScreenShare Helper (HKLM\...\{CD9EBE0A-BEA9-43ED-BDBF-971E613BE9A7}) (Version: 1.1.3 - PGi)
Siphone (HKLM\...\{5252C243-0E2B-4B4D-AB40-F4FFDAD5DE16}) (Version: 35.7.1399 - Siphon Networks Ltd.)
SolarWinds TFTP Server (HKLM\...\SolarWinds TFTP Server) (Version: SolarWinds TFTP Server - SolarWinds.Net)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Center Operations Manager 2007 R2 Agent (HKLM\...\{25097770-2B1F-49F6-AB9D-1C708B96262A}) (Version: 6.1.7221.0 - Microsoft Corporation)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
UC-232A USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Office 2007 (KB932080) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{EDC9CA29-6BC1-471C-828C-7A36109005D7}) (Version:  - Microsoft)
WebEx Productivity Tools (HKLM\...\{3FC5BA90-8C9B-4761-BE85-8C0858368796}) (Version: 2.26.2800 - Cisco WebEx LLC)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0  (6028) - WinZip Computing, Inc.)
Wireshark 1.1.4-SVN-28054 (HKLM\...\Wireshark) (Version: 1.1.4-SVN-28054 - The Wireshark developer community, http://www.wireshark.org)
快播 5.19.202 (HKLM\...\QvodPlayer) (Version: 5.19.202 - Shenzhen Qvod Technology Co.,Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{02E2D748-67F8-48B4-8AB4-0A085374BB99}\InprocServer32 -> C:\Program Files\QvodPlayer\Allplugin.dll (Shenzhen QVOD Technology Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{04982E52-70DA-3748-B04B-FC0FDC6E8CA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\tzeweng.choo\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{0AE96E3D-3511-3677-8E1E-827994E1BF13}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{0E604132-2AB5-3368-8586-6C2905929C20}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{135C58C1-AEC7-3E2D-9A0F-24564B08A0AC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{14032AAD-D736-344D-A07F-6A39A77F5711}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}\InprocServer32 -> C:\Program Files\Citrix\ICA Client\CCMProxy.dll (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{20A77580-729F-303E-83EF-E568DC752B9F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{2CE74375-4771-35EC-BD45-C617A6D560EC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{2E3299E7-6275-3E4D-9783-675E4DFB35D8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\tzeweng.choo\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{3596C20F-539E-33BE-97A3-FB95F496EC78}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{36EFCBA7-5B27-3D4E-BAAF-D76FE2FFDC7A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{3C893B0D-ADF9-3494-90E2-F5B3892F8CF0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{44B41956-FD57-3E3D-B388-3557A7242B24}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{4D86FEF0-1098-3DE4-86E5-031259AAA812}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{514C9681-C082-322C-9D9E-673DD93E2816}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{54A71B1E-0069-3F87-BC2C-C260B9A95676}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{5AF680CD-DCFC-3000-95F5-58C84C1AA42E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{5CB39C13-0AA8-3C5D-B88B-2E78D2AF6F00}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{651F3051-0DB6-3B42-B574-B49D8AE8F20A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{6FDCAA4A-86CB-30A0-92CF-BC9530557523}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{71C8482B-2AA3-3A85-A12D-C6BBDA44E658}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{7C7B81BB-D141-3C12-84F7-FF4706F354CA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{82C197BD-6503-346A-AABF-E1639079DEE8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{90F461D4-D7FC-442F-802A-C3B94EBA5840}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Roaming\PremiereGlobal\GlobalMeet Outlook Toolbar\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{A2C5592A-508D-38DD-8E7F-87E7A6C77DF6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{A8DACC70-753C-3C1A-802E-0D10CA790FBA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\tzeweng.choo\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{AE2F957C-DAA3-3C98-8660-FBE4A8F5FDDC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{B54BA316-F511-4751-B69A-22224324A240}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\Microsoft\CWA\x86\CwaAsVersion.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{B6CFDC65-EB21-350D-B923-C8FC896E1E25}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{BDF30061-FAD2-35CF-8F85-627E3210BDBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{C427717C-2B0F-3A72-9A60-349013326BA9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{C5888FBD-981B-3EF5-9BCF-70CADD21E250}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{CA7B7245-5B45-35C4-BA01-97319BC2D6E7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\localserver32 -> C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\tzeweng.choo\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E7057150-6B1A-5126-AE1F-A6731C32470C}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Roaming\PGi\ScreenShare Helper\1.1.3\npScreenShareHelperV1.1.3.dll (PGi)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E79CF1B9-8914-3BDB-9AA3-685473FF552C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E7C8C660-96F5-3444-B4BB-EDD94C1C1EED}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E997FFF6-F496-4CAE-BB7F-F383D3809FD0}\localserver32 -> C:\Users\tzeweng.choo\AppData\Local\Microsoft\CWA\x86\CwaAppShAx.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{E9D404A5-2AF7-304E-A539-D13B94ABD746}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{EC1C1346-BD38-3040-A3FD-C7B59E57B420}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{ED3D1C54-3118-3550-82A8-2437C63E7A53}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{F2C69569-6B76-3AC7-A437-48DC0ED3A8C6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{F704D533-6304-351B-BCAD-C51FDE927106}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\tzeweng.choo\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2149067118-2159268847-2510909587-44552_Classes\CLSID\{FAA6D6E9-89B6-3AA1-816D-B8868A06387E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-10-2014 03:34:33 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2013-10-28 15:13 - 00000875 ____A C:\Windows\system32\Drivers\etc\hosts
69.43.161.133    livecgtdemo.acclipsetest.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {46EAE88F-7B97-4454-A09F-5535CC9A3833} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {492190EF-8772-4ED4-B55D-F8509979BEC6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {5AA602F4-6908-4D80-B070-2309ADCD6024} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {5D194536-093C-4221-9EE3-6CB435EB8CC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {65A90BFF-2A71-4342-9D3F-1101186FECE2} - System32\Tasks\G2MUpdateTask-S-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Users\tzeweng.choo\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6FD96484-7D53-4EEB-8DA5-2D2883B3F0C4} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {722D755A-F565-42FE-B9A4-83BB14E3D0A1} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)
Task: {75BA4A3E-D856-4B00-AE5A-50D92601A6BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {7A1121F6-E4ED-4038-84A4-78457F2BDEAC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {7A168A51-DEDF-42AD-B391-A5551123FC7E} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C9F67322-F9CB-4F80-A734-AA69A1599A25} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D2D93A4A-51B0-4242-859D-6306E9D5F90B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {DCF48564-FE91-483E-B317-AA65926F72F0} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)
Task: {F1BA0F63-5EE8-4243-BEF8-A9C8F01882F9} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)
Task: {F3D90E83-7B01-41A1-BFA0-8AD5AC60B040} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F6E75D09-B157-400F-8FA3-EDA476F94A20} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2149067118-2159268847-2510909587-44552 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F84B7103-21A9-4127-B211-2F2CFFB9D194} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2149067118-2159268847-2510909587-44552.job => C:\Users\tzeweng.choo\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-02 10:00 - 2013-05-02 09:59 - 00246112 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\ouc.exe
2013-05-02 10:00 - 2013-05-02 09:59 - 00011362 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\mingwm10.dll
2013-05-02 10:00 - 2013-05-02 09:59 - 00043008 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2013-05-02 10:00 - 2013-05-02 09:59 - 02415104 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\QtCore4.dll
2013-05-02 10:00 - 2013-05-02 09:59 - 01148416 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\QtNetwork4.dll
2013-05-02 10:00 - 2013-05-02 09:59 - 00384512 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\QueryStrategy.dll
2013-05-02 10:00 - 2013-05-02 09:59 - 00398336 _____ () C:\ProgramData\Celcom Broadband Manager\OnlineUpdate\QtXml4.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2013-04-06 01:03 - 2013-04-05 09:40 - 00234496 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\ouc.exe
2013-04-05 09:45 - 2013-04-05 09:40 - 00011362 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\mingwm10.dll
2013-04-05 09:45 - 2013-04-05 09:40 - 00043008 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2013-04-05 09:45 - 2013-04-05 09:40 - 02415104 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\QtCore4.dll
2013-04-05 09:45 - 2013-04-05 09:40 - 01148416 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\QtNetwork4.dll
2013-04-05 09:45 - 2013-04-05 09:40 - 00383488 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\QueryStrategy.dll
2013-04-05 09:45 - 2013-04-05 09:40 - 00398336 _____ () C:\ProgramData\DiGi Internet\OnlineUpdate\QtXml4.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2012-12-29 17:12 - 2012-12-29 17:12 - 00598016 _____ () C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe
2012-12-29 17:12 - 2012-12-29 17:12 - 00614400 _____ () C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe
2012-12-29 17:12 - 2012-12-29 17:12 - 00159744 _____ () C:\Program Files\ManageEngine\AssetExplorer\bin\SSLEAY32.dll
2012-12-29 17:12 - 2012-12-29 17:12 - 00843776 _____ () C:\Program Files\ManageEngine\AssetExplorer\bin\LIBEAY32.dll
2011-03-15 07:13 - 2011-03-15 07:13 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-11 02:56 - 2013-05-11 02:56 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-11-22 09:55 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-15 07:13 - 2011-03-15 07:13 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-10-25 06:56 - 2013-10-25 06:56 - 44590944 _____ () C:\Program Files\Siphon\Siphone\CPCLR.dll
2012-11-20 16:11 - 2012-11-20 16:11 - 00047616 _____ () C:\Program Files\Siphon\Siphone\boost_signals-vc100-mt-1_51.dll
2012-11-20 16:10 - 2012-11-20 16:10 - 00015360 _____ () C:\Program Files\Siphon\Siphone\boost_system-vc100-mt-1_51.dll
2010-10-29 14:00 - 2010-10-29 14:00 - 01992192 _____ () C:\Program Files\Siphon\Siphone\YLUSBTEL.dll
2012-11-20 16:11 - 2012-11-20 16:11 - 00066560 _____ () C:\Program Files\Siphon\Siphone\boost_thread-vc100-mt-1_51.dll
2012-11-20 16:11 - 2012-11-20 16:11 - 00023040 _____ () C:\Program Files\Siphon\Siphone\boost_chrono-vc100-mt-1_51.dll
2012-11-20 16:11 - 2012-11-20 16:11 - 00627200 _____ () C:\Program Files\Siphon\Siphone\boost_regex-vc100-mt-1_51.dll
2012-11-20 16:10 - 2012-11-20 16:10 - 00100352 _____ () C:\Program Files\Siphon\Siphone\boost_filesystem-vc100-mt-1_51.dll
2012-11-20 16:11 - 2012-11-20 16:11 - 00040448 _____ () C:\Program Files\Siphon\Siphone\boost_date_time-vc100-mt-1_51.dll
2011-01-26 21:13 - 2011-01-26 21:13 - 00721264 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\SecurityDll.dll
2011-01-26 21:12 - 2011-01-26 21:12 - 00500064 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\R2D.dll
2011-01-26 21:07 - 2011-01-26 21:07 - 00122728 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\jnihelp.dll
2011-01-26 21:10 - 2011-01-26 21:10 - 00079208 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\NativeIO.dll
2011-01-26 21:15 - 2011-01-26 21:15 - 00266608 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\TftpNative.dll
2011-01-26 21:04 - 2011-01-26 21:04 - 00129912 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\CdpAccessorDll.dll
2011-01-26 21:03 - 2011-01-26 21:03 - 00363384 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\DeviceManager.dll
2011-01-26 21:16 - 2011-01-26 21:16 - 00118648 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\TraceServiceDll.dll
2011-01-26 21:07 - 2011-01-26 21:07 - 00266096 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\HTTPService.dll
2013-07-02 10:42 - 2013-07-02 10:42 - 00520192 _____ () C:\Users\tzeweng.choo\AppData\Roaming\PremiereGlobal\GlobalMeet Outlook Toolbar\adxloader.dll
2013-09-03 17:40 - 2013-09-03 17:40 - 00026112 _____ () C:\Users\tzeweng.choo\AppData\Local\assembly\dl3\0AZ8G52G.N4E\908CXR68.ODL\276a7b13\007df5d2_cd76ce01\AddinLibrary.DLL
2013-09-03 17:40 - 2013-09-03 17:40 - 00067072 _____ () C:\Users\tzeweng.choo\AppData\Local\assembly\dl3\0AZ8G52G.N4E\908CXR68.ODL\71f792a6\00d757d5_cd76ce01\Branding.DLL
2013-09-03 17:40 - 2013-09-03 17:40 - 00286720 _____ () C:\Users\tzeweng.choo\AppData\Local\assembly\dl3\0AZ8G52G.N4E\908CXR68.ODL\b0fa7290\007df5d2_cd76ce01\Interop.Outlook.DLL
2010-02-28 02:55 - 2010-02-28 02:55 - 01040736 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-04-03 11:06 - 2012-04-03 11:06 - 04142080 _____ () C:\Program Files\Qlock\qlock.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-01-26 21:01 - 2011-01-26 21:01 - 00313208 _____ () C:\Program Files\Cisco Systems\Cisco IP Communicator\ClarisysHandset.dll
2014-09-25 15:33 - 2014-09-25 15:33 - 00060453 _____ () C:\Windows\system32\EncondingMotionSymbolic\EncondingMotionSymbolic.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Kuaiwan => "C:\Program Files\Kuaiwan\Kuaiwan.exe" -S
MSCONFIG\startupreg: QvodTerminal => "C:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun

========================= Accounts: ==========================

wkadministrator (S-1-5-21-4207955712-1011320902-483928812-500 - Administrator - Enabled) => C:\Users\Administrator
wkguest (S-1-5-21-4207955712-1011320902-483928812-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 11:18:28 AM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x00000000; the memory at 0x00000000 could not be 柠᙮၈ÿ.'%filter expand00790275

Error: (10/27/2014 09:46:58 AM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0xb821cd09; the memory at 0xb821cd09 could not be 柠匟㐨ù.'%filter expand00790275

Error: (10/26/2014 02:14:19 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{694C15BE-0119-44EA-AC3A-D7790D17E7FD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}CCMUnlock

Error: (10/26/2014 00:33:44 PM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x00000000; the memory at 0x00000000 could not be 柠呭ć.'%filter expand00790275

Error: (10/26/2014 00:13:21 PM) (Source: Microsoft Operations Manager) (EventID: 26008) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server apvthau23069.wkap.int.  The error reported is 'The requested name is valid, but no data of the requested type was found.'.

Error: (10/24/2014 02:49:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1444

Start Time: 01cfef2b55e15f01

Termination Time: 412

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/24/2014 02:38:48 PM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x00000000; the memory at 0x00000000 could not be 柠猢⩨č.'%filter expand00790275

Error: (10/24/2014 00:40:44 PM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0xf8458966; the memory at 0xf8458966 could not be 柠獌⥈č.'%filter expand00790275

Error: (10/24/2014 11:04:40 AM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0xb821cd09; the memory at 0xb821cd09 could not be 柠惿그Ċ.'%filter expand00790275

Error: (10/24/2014 11:04:37 AM) (Source: Group Policy Scheduled Tasks) (EventID: 8196) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x00000000; the memory at 0x00000000 could not be 柠惢껸Ċ.'%filter expand00790275

System errors:
=============
Error: (10/27/2014 09:47:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/27/2014 09:47:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (10/27/2014 09:45:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Error: (10/27/2014 09:42:53 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: WKAP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (10/27/2014 09:42:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DiGi Internet. OUC service failed to start due to the following error:
%%1053

Error: (10/27/2014 09:42:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DiGi Internet. OUC service to connect.

Error: (10/27/2014 09:42:48 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (10/27/2014 09:42:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Celcom Broadband Manager. OUC service failed to start due to the following error:
%%1053

Error: (10/27/2014 09:42:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Celcom Broadband Manager. OUC service to connect.

Error: (10/27/2014 09:42:46 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain WKAP due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (04/10/2013 07:35:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6325.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 31321 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (05/21/2012 05:42:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6325.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 14431 seconds with 360 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 75%
Total physical RAM: 3317.83 MB
Available physical RAM: 829.08 MB
Total Pagefile: 6633.94 MB
Available Pagefile: 3422.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.34 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:298.09 GB) (Free:72.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Network) (Total:2000 GB) (Free:741.56 GB)
Drive o: () (Network) (Total:2000 GB) (Free:91.3 GB)
Drive v: () (Network) (Total:2000 GB) (Free:396.13 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6CDB5FE1)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 cbweng

Posted 26 October 2014 - 11:38 PM

Hi,

I've just joined BleepingComputer! I'm looking for somebody to help with my issue.

Looking forward to BleepingComputer's response to my post...

Thanks in advance....



#5 cbweng

Posted 28 October 2014 - 12:47 AM

Any expert around to help out.....



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:05 PM

Posted 30 October 2014 - 01:30 PM

Greetings cbweng and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me if this looks familiar to you?

C:\Windows\System32\EncondingMotionSymbolic\EncondingMotionSymbolic.exe


Please run these for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [Only-search] => C:\Users\tzeweng.choo\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
C:\Users\tzeweng.choo\AppData\Local\onlysearch
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a44-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a6a-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {130f3d74-b2c4-11e2-a4e0-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff12-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff1d-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {3d18bd67-ed53-11e2-bacc-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {931215bb-9e12-11e2-9953-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {b1b5c6f5-9cc3-11e2-9b36-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {cceb2369-e37c-11e2-b4a2-90004eed2ce9} - E:\AutoRun.exe
AppInit_DLLs: c:\progra~2\bprote~1\20392~1.106\protec~1.dll => c:\progra~2\bprote~1\20392~1.106\protec~1.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:28020
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
C:\Users\tzeweng.choo\CTX.DAT
C:\Users\tzeweng.choo\fyah.bat
C:\Users\tzeweng.choo\AppData\Local\Temp\294823_.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\99368uninstall.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\aacenc3.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BbCw58xCJu.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\ffmpeg19.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Quarantine.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\QvodSetupIOS.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\remove.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Sqlite3.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite23274.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite40154.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite72120.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\u1wGAIYoZb.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\x264enc6.exe
C:\Windows\system32\Drivers\etc\hosts
Task: {C9F67322-F9CB-4F80-A734-AA69A1599A25} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Users\tzeweng.choo\AppData\Roaming\coreavc.ini

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the program/file?
  • Fixlog
  • Virustotal link
  • AdwCleaner log
  • Junkware log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Posted 02 November 2014 - 09:49 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#8 cbweng

Posted 02 November 2014 - 09:44 PM

Hi,

Sorry for the late reply. I will follow your steps....



#9 Oh My!

Posted 02 November 2014 - 10:13 PM

Thanks for letting me know.  Glad you are aboard.


Gary

#10 cbweng

Posted 02 November 2014 - 11:36 PM

Requirements as follows:

■Do you recognize the program/file?

 - Not sure.

■Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by TzeWeng.Choo at 2014-11-03 10:53:44 Run:1
Running from C:\Users\tzeweng.choo\Desktop
Loaded Profile: TzeWeng.Choo (Available profiles: ayap & KokWei.Yiap & Venkadesh.T & TzeWeng.Choo & wkadministrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\Run: [Only-search] => C:\Users\tzeweng.choo\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
C:\Users\tzeweng.choo\AppData\Local\onlysearch
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a44-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {0d3a2a6a-b102-11e1-97a6-90004eed2ce9} - F:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {130f3d74-b2c4-11e2-a4e0-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff12-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {13d9ff1d-9d8c-11e2-8379-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {3d18bd67-ed53-11e2-bacc-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {931215bb-9e12-11e2-9953-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {b1b5c6f5-9cc3-11e2-9b36-90004eed2ce9} - E:\AutoRun.exe
HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\...\MountPoints2: {cceb2369-e37c-11e2-b4a2-90004eed2ce9} - E:\AutoRun.exe
AppInit_DLLs: c:\progra~2\bprote~1\20392~1.106\protec~1.dll => c:\progra~2\bprote~1\20392~1.106\protec~1.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:28020
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
C:\Users\tzeweng.choo\CTX.DAT
C:\Users\tzeweng.choo\fyah.bat
C:\Users\tzeweng.choo\AppData\Local\Temp\294823_.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\99368uninstall.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\aacenc3.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\BbCw58xCJu.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\ffmpeg19.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Quarantine.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\QvodSetupIOS.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\remove.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\Sqlite3.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite23274.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite40154.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite72120.dll
C:\Users\tzeweng.choo\AppData\Local\Temp\u1wGAIYoZb.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\tzeweng.choo\AppData\Local\Temp\x264enc6.exe
C:\Windows\system32\Drivers\etc\hosts
Task: {C9F67322-F9CB-4F80-A734-AA69A1599A25} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
*****************

HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\Software\Microsoft\Windows\CurrentVersion\Run\\Only-search => Value not found.
"C:\Users\tzeweng.choo\AppData\Local\onlysearch" => File/Directory not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2149067118-2159268847-2510909587-44552" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d3a2a44-b102-11e1-97a6-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{0d3a2a44-b102-11e1-97a6-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d3a2a6a-b102-11e1-97a6-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{0d3a2a6a-b102-11e1-97a6-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{130f3d74-b2c4-11e2-a4e0-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{130f3d74-b2c4-11e2-a4e0-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d9ff12-9d8c-11e2-8379-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{13d9ff12-9d8c-11e2-8379-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d9ff1d-9d8c-11e2-8379-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{13d9ff1d-9d8c-11e2-8379-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d18bd67-ed53-11e2-bacc-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{3d18bd67-ed53-11e2-bacc-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{931215bb-9e12-11e2-9953-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{931215bb-9e12-11e2-9953-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b5c6f5-9cc3-11e2-9b36-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{b1b5c6f5-9cc3-11e2-9b36-90004eed2ce9}" => Key not found.
"HKU\S-1-5-21-2149067118-2159268847-2510909587-44552\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cceb2369-e37c-11e2-b4a2-90004eed2ce9}" => Key deleted successfully.
"HKCR\CLSID\{cceb2369-e37c-11e2-b4a2-90004eed2ce9}" => Key not found.
"c:\progra~2\bprote~1\20392~1.106\protec~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
rpcapd => Service deleted successfully.
ewusbnet => Service deleted successfully.
hwusbdev => Service deleted successfully.
C:\Users\tzeweng.choo\CTX.DAT => Moved successfully.
C:\Users\tzeweng.choo\fyah.bat => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\294823_.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\99368uninstall.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\aacenc3.exe => Moved successfully.
"C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\tzeweng.choo\AppData\Local\Temp\BbCw58xCJu.exe" => File/Directory not found.
C:\Users\tzeweng.choo\AppData\Local\Temp\ffmpeg19.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\QvodSetupIOS.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\remove.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite23274.dll => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite40154.dll => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\System.Data.SQLite72120.dll => Moved successfully.
"C:\Users\tzeweng.choo\AppData\Local\Temp\u1wGAIYoZb.exe" => File/Directory not found.
C:\Users\tzeweng.choo\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\tzeweng.choo\AppData\Local\Temp\x264enc6.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F67322-F9CB-4F80-A734-AA69A1599A25}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.

The system needed a reboot.

==== End of Fixlog ====

■Virustotal link

https://www.virustotal.com/en/file/7161986f32b5c3c2fa0313868a63c4dee6990b6984c544e85836d4e2cfa15508/analysis/1414988928/

■AdwCleaner log

 

# AdwCleaner v3.311 - Report created 03/11/2014 at 11:51:22
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Enterprise  (32 bits)
# Username : TzeWeng.Choo - MY35LP000020012
# Running from : C:\Work Templete\Software\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Upt

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

-\\ Mozilla Firefox v10.0 (en-US)

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\tzeweng.choo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [28503 octets] - [30/10/2014 10:13:12]
AdwCleaner[R1].txt - [4170 octets] - [03/11/2014 11:41:57]
AdwCleaner[S0].txt - [6959 octets] - [30/10/2014 10:18:02]
AdwCleaner[S1].txt - [4093 octets] - [03/11/2014 11:51:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4153 octets] ##########

■Junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Enterprise x86
Ran by TzeWeng.Choo on Mon 11/03/2014 at 11:44:49.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2149067118-2159268847-2510909587-44552\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1236-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1236-n-bi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bi_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\tzeweng.choo\Local Settings\Application Data\genienext"
Successfully deleted: [Folder] "C:\Users\tzeweng.choo\Local Settings\Application Data\mobogenie"
Successfully deleted: [Empty Folder] C:\Users\tzeweng.choo\appdata\local\{FC6B535F-8B52-483C-B65B-B50591C3F4C9}

 

~~~ FireFox

Successfully deleted: [File] C:\Users\tzeweng.choo\AppData\Roaming\mozilla\firefox\profiles\qelpe4nn.default\searchplugins\myplaycity.xml
Successfully deleted the following from C:\Users\tzeweng.choo\AppData\Roaming\mozilla\firefox\profiles\qelpe4nn.default\prefs.js

user_pref("extensions.Cpu9TY67dZgoV0rW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/03/2014 at 11:49:53.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

■How is your computer running?

I am still unable to uncheck the proxy setting..

The ;*origin.com;*ea.com;*akamaihd.net setting still remains....
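Added example, not part of the original thread and not FRST or MiniToolBox code: a Python triage of the Fixlog above that separates entries the fix actually changed from entries that were already absent, and checks whether a loopback proxy is reported again afterwards (the MiniToolBox output in post #15). The function names and the "changed"/"absent" labels are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import ipaddress
import re

# Excerpt in the shape of the FRST Fixlog posted above (lines copied from this thread).
FIXLOG = r"""
Content of fixlist:
*****************
AppInit_DLLs: c:\progra~2\bprote~1\20392~1.106\protec~1.dll => c:\progra~2\bprote~1\20392~1.106\protec~1.dll File Not Found
ProxyServer: http=127.0.0.1:28020
C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe
*****************

"c:\progra~2\bprote~1\20392~1.106\protec~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Users\tzeweng.choo\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
C:\Windows\System32\Tasks\LaunchSignup not found.

The system needed a reboot.
"""

# Excerpt of the MiniToolBox report from post #15 of this thread.
MINITOOLBOX = """
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:19593
"""

PROXY_RE = re.compile(r"^ProxyServer:\s*(\S+)", re.MULTILINE)


def fix_results(fixlog):
    """Return (target, outcome) pairs from the result section of a Fixlog.

    The echoed fixlist sits between two lines of asterisks; only the text after
    the last such line is parsed, so "File Not Found" notes inside the echoed
    fixlist are not mistaken for results.
    """
    lines = [line.strip() for line in fixlog.splitlines()]
    seps = [i for i, line in enumerate(lines) if line and set(line) == {"*"}]
    body = lines[seps[-1] + 1:] if seps else lines
    results = []
    for line in body:
        low = line.lower()
        if "not found" in low:
            outcome = "absent"      # nothing was there to remove
        elif "successfully" in low:
            outcome = "changed"     # deleted, moved, removed or restored
        else:
            continue
        target = line.split(" => ")[0].strip('"')
        target = re.sub(r" not found\.$", "", target)
        results.append((target, outcome))
    return results


def loopback_proxies(report):
    """Return (host, port) for every ProxyServer entry that points at this machine."""
    found = []
    for value in PROXY_RE.findall(report):
        for entry in value.split(";"):            # "http=h:p;https=h:p" or "h:p"
            host, _, port = entry.split("=", 1)[-1].rpartition(":")
            if not port.isdigit():
                continue
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:                    # a host name, not an IP literal
                local = host.lower() == "localhost"
            if local:
                found.append((host, int(port)))
    return found


def proxy_came_back(fixlog, later_report):
    """Return (flag, new_endpoints).

    flag is True when the fix deleted ProxyServer and a loopback proxy is
    reported again afterwards, which suggests that whatever writes the setting
    is still present. new_endpoints lists loopback proxies not seen in the fixlog.
    """
    deleted = any(t.endswith("ProxyServer") and o == "changed"
                  for t, o in fix_results(fixlog))
    later = loopback_proxies(later_report)
    new = sorted(set(later) - set(loopback_proxies(fixlog)))
    return deleted and bool(later), new


if __name__ == "__main__":
    for target, outcome in fix_results(FIXLOG):
        print(f"{outcome:8} {target}")
    print(proxy_came_back(FIXLOG, MINITOOLBOX))
```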

 

 

 



#11 Oh My!

Posted 02 November 2014 - 11:43 PM

Thank you, I am ending for the night but will review the log information first thing in the morning. In the meantime please run this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result.txt

Gary

#12 Oh My!

Posted 03 November 2014 - 11:22 AM

I have reviewed your post but need to see what MiniToolBox tells us before taking our next step.
Gary

#13 cbweng

Posted 03 November 2014 - 10:08 PM

I am having difficulty downloading (my own firewall is blocking). Need to download elsewhere and install it.



#14 Oh My!

Posted 03 November 2014 - 10:12 PM

OK thanks for the update.
Gary

#15 cbweng

Posted 03 November 2014 - 10:32 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by TzeWeng.Choo (administrator) on 04-11-2014 at 11:30:47
Running from "C:\Work Templete\Software"
Microsoft Windows 7 Enterprise   (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:19593

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

103.23.112.196 au1.cloud-vpn.net

 

========================= IP Configuration: ================================

Intel® 82577LM Gigabit Network Connection = Local Area Connection (Connected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Hardware not present)
Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows = Local Area Connection 5 (Hardware not present)
Intel® Centrino® Ultimate-N 6300 AGN = Wireless Network Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.13.86.254 publish=Yes
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Bluetooth Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 5" forwarding=enabled advertise=enabled metric=1 nud=enabled
add address name="Local Area Connection 5" address=10.209.255.19
add address name="Local Area Connection" address=10.13.86.250
add neighbor interface="Local Area Connection" address=10.13.86.240 neighbor="00-c0-b7-9b-c0-f3"

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MY35LP000020012
   Primary Dns Suffix  . . . . . . . : wkap.int
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wkap.int

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-24-D7-A1-D2-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 90-00-4E-ED-2C-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 00-24-D7-A1-D2-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 5C-26-0A-4F-4C-A4
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.86.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.13.86.254
   DNS Servers . . . . . . . . . . . : 10.13.88.129
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7231355A-3FCC-4431-BA52-2EAA1FB517C8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{50A1E458-0CCC-466E-A3CB-A7A43C15DC97}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C41F5AE6-ACC5-4014-9666-2A5269665E93}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8D5E0916-9788-4658-A0D0-E9E0079D11B1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  apsrvmy35009.wkap.int
Address:  10.13.88.129

Name:    google.com
Addresses:  2404:6800:4006:804::100e
   74.125.237.128
   74.125.237.129
   74.125.237.130
   74.125.237.131
   74.125.237.132
   74.125.237.133
   74.125.237.134
   74.125.237.135
   74.125.237.136
   74.125.237.137
   74.125.237.142

Pinging google.com [74.125.237.129] with 32 bytes of data:
Reply from 74.125.237.129: bytes=32 time=193ms TTL=47
Reply from 74.125.237.129: bytes=32 time=191ms TTL=47

Ping statistics for 74.125.237.129:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 191ms, Maximum = 193ms, Average = 192ms
Server:  apsrvmy35009.wkap.int
Address:  10.13.88.129

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=278ms TTL=42
Reply from 98.139.183.24: bytes=32 time=285ms TTL=40

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 278ms, Maximum = 285ms, Average = 281ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 23...00 24 d7 a1 d2 59 ......Microsoft Virtual WiFi Miniport Adapter
 14...90 00 4e ed 2c e9 ......Bluetooth Device (Personal Area Network)
 12...00 24 d7 a1 d2 58 ......Intel® Centrino® Ultimate-N 6300 AGN
 11...5c 26 0a 4f 4c a4 ......Intel® 82577LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
 34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 36...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.13.86.254     10.13.86.250    276
       10.13.86.0    255.255.255.0         On-link      10.13.86.250    276
     10.13.86.250  255.255.255.255         On-link      10.13.86.250    276
     10.13.86.255  255.255.255.255         On-link      10.13.86.250    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      10.13.86.250    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      10.13.86.250    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     10.13.86.254  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 61 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 62 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 63 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 64 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 65 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 66 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 67 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 68 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 69 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 70 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 71 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 72 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 73 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 74 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 75 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/04/2014 11:20:09 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\tzeweng.choo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EC3Q16UR\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/04/2014 10:30:17 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\tzeweng.choo\Desktop\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/04/2014 10:25:29 AM) (Source: Group Policy Scheduled Tasks) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x0d0d2e65; the memory at 0x0d0d2e65 could not be 柠儇ਐĠ.'%filter expand00790275

Error: (11/04/2014 10:22:13 AM) (Source: PerfNet) (User: )
Description:

Error: (11/03/2014 03:15:23 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{694C15BE-0119-44EA-AC3A-D7790D17E7FD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}CCMUnlock

Error: (11/03/2014 03:02:33 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Work Templete\Software\MiniToolBox.exe by: Auto-Protect scan.  Action: Delete succeeded : Access denied.  Action Description: The file was deleted successfully.

Error: (11/03/2014 02:33:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2014 02:24:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (11/03/2014 01:53:18 PM) (Source: Group Policy Scheduled Tasks) (User: NT AUTHORITY)
Description: The client-side extension caught the unhandled exception 'filter expand' inside: 'Access violation (0xc0000005) occurred at 0x00000000; the memory at 0x00000000 could not be 柠ᖴ�ĥ.'%filter expand00790275

Error: (11/03/2014 01:29:36 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Work Templete\Software\MiniToolBox.exe by: Auto-Protect scan.  Action: Delete succeeded : Access denied.  Action Description: The file was deleted successfully.

System errors:
=============
Error: (11/04/2014 10:27:36 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/04/2014 10:27:01 AM) (Source: Service Control Manager) (User: )
Description: The EncondingMotionSymbolic service failed to start due to the following error:
%%5

Error: (11/04/2014 10:24:03 AM) (Source: Service Control Manager) (User: )

Error: (11/04/2014 10:20:59 AM) (Source: Service Control Manager) (User: )
Description: The DiGi Internet. OUC service failed to start due to the following error:
%%1053

Error: (11/04/2014 10:20:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DiGi Internet. OUC service to connect.

Error: (11/04/2014 10:20:55 AM) (Source: Service Control Manager) (User: )
Description: The Celcom Broadband Manager. OUC service failed to start due to the following error:
%%1053

Error: (11/04/2014 10:20:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Celcom Broadband Manager. OUC service to connect.

Error: (11/04/2014 10:20:35 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:19:09 AM on ‎11/‎4/‎2014 was unexpected.

Error: (11/04/2014 09:24:02 AM) (Source: Service Control Manager) (User: )

Error: (11/04/2014 09:21:32 AM) (Source: Service Control Manager) (User: )
Description: The DiGi Internet. OUC service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (04/10/2013 07:35:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6325.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 31321 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (05/21/2012 05:42:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6325.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 14431 seconds with 360 seconds of active time.  This session ended with a crash.

**** End of log ****





