
Infected by Malware, desktop files missing


zen824


I have tried the previous threads that others have posted but was not able to recover the files on my desktop.

Urgently need help... I have run OTL with the following results:

OTL logfile created on: 19/2/2013 10:43:50 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian_Lim\Documents

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.85 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.86% Memory free

3.95 Gb Paging File | 2.65 Gb Available in Paging File | 67.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 230.88 Gb Total Space | 190.86 Gb Free Space | 82.67% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.47% Space Free | Partition Type: NTFS

Computer Name: L11109429 | User Name: localadmin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 14:11:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian_Lim\Documents\OTL.exe

PRC - [2012/08/15 22:46:51 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Julian_Lim\AppData\Local\Facebook\Update\FacebookUpdate.exe

PRC - [2012/07/30 16:13:04 | 005,164,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe

PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/22 16:45:58 | 000,803,560 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\VistaCPMonitor.exe

PRC - [2012/06/22 16:45:46 | 004,850,920 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\DataProvider.exe

PRC - [2012/06/22 16:45:46 | 002,282,216 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\AATray.exe

PRC - [2012/06/22 16:45:46 | 002,143,464 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\Sync.exe

PRC - [2012/06/22 16:45:46 | 001,004,264 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\SOCIAccess.exe

PRC - [2012/06/22 16:45:46 | 000,159,976 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\ObsService.exe

PRC - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2012/03/19 14:08:12 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2012/03/19 14:08:06 | 001,906,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2012/03/19 14:08:06 | 001,471,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2012/03/19 14:08:06 | 000,357,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

PRC - [2012/03/19 14:08:04 | 001,851,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2010/01/21 04:10:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\stacsv.exe

PRC - [2010/01/14 13:51:08 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe

PRC - [2010/01/14 13:51:04 | 004,228,416 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe

PRC - [2010/01/14 13:50:30 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe

PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe

PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe

PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\AEstSrv.exe

PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/01/08 21:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Julian_Lim\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/09/01 16:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

PRC - [2008/09/01 16:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

PRC - [2008/08/08 15:53:44 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

PRC - [2008/01/21 10:24:58 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2013/02/14 12:27:26 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/06/22 16:45:46 | 001,004,264 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\Encentuate\SOCIAccess.exe -- (SOCIAccess)

SRV - [2012/06/22 16:45:46 | 000,159,976 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\Encentuate\ObsService.exe -- (ObsService)

SRV - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2012/03/19 14:08:06 | 001,906,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2012/03/19 14:08:06 | 000,357,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2012/03/19 14:08:04 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2011/05/26 18:14:20 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\stacsv.exe -- (STacSV)

SRV - [2010/01/14 13:51:04 | 004,228,416 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)

SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)

SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)

SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)

SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\AEstSrv.exe -- (AESTFilters)

SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/09/26 12:51:38 | 001,712,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)

SRV - [2008/09/01 16:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)

SRV - [2008/09/01 16:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)

SRV - [2008/08/08 15:53:44 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)

SRV - [2008/01/21 10:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfesmfk01)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2013/02/18 18:32:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/01/17 17:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130218.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/01/17 17:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130218.002\NAVENG.SYS -- (NAVENG)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/09/27 23:52:20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)

DRV - [2012/08/15 16:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/15 16:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/07/19 12:50:59 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/03/19 14:08:18 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)

DRV - [2012/03/19 14:08:16 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2012/03/19 14:08:14 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2012/03/19 14:08:14 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2012/03/19 14:08:10 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)

DRV - [2012/03/19 14:08:10 | 000,038,352 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WGX.SYS -- (WGX)

DRV - [2012/03/19 14:06:20 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer3.sys -- (Teefer3)

DRV - [2010/08/31 05:05:16 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/07/12 21:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2010/07/12 21:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2010/05/18 13:06:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2010/05/18 13:06:12 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2010/05/18 13:06:12 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2010/02/26 15:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/01/21 04:10:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010/01/14 13:50:26 | 000,030,792 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fcdrv5.sys -- (fcdrv5)

DRV - [2010/01/14 13:50:24 | 000,024,648 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv4.sys -- (fcdrv4)

DRV - [2010/01/14 13:50:22 | 000,097,864 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv3.sys -- (fcdrv3)

DRV - [2010/01/14 13:50:20 | 000,114,760 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv2.sys -- (fcdrv2)

DRV - [2010/01/14 13:50:20 | 000,066,120 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\fcdrv1.sys -- (fcdrv1)

DRV - [2009/12/10 09:40:52 | 000,197,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)

DRV - [2009/10/05 13:03:20 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)

DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)

DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/07/20 15:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)

DRV - [2009/07/10 18:21:45 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2009/07/08 13:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2009/07/08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008/01/21 10:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/02 15:30:53 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0E33DD4F-A358-4b33-922F-A34A5DA07024}: C:\Program Files\Encentuate\Firefox_ext [2012/10/18 13:06:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2CF6AC3D-EDE7-4f33-92A4-50E0B1EB4E0E}: C:\Program Files\Encentuate\Firefox_xpcom [2012/10/18 13:06:46 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://mysportsnet.ssc.gov.sg/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://mysportsnet.ssc.gov.sg/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Facebook = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\

CHR - Extension: Facepad for Facebook\u2122 = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo\4.0_0\

CHR - Extension: Google Search = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Google Tasks (by Google) = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\

CHR - Extension: Google Calendar = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: PanicButton = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\

CHR - Extension: IE Tab = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\

CHR - Extension: Apple Shooter = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0\

CHR - Extension: PDF to Word Converter App = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam\2.1_0\

CHR - Extension: TransferBigFiles.com Gmail Extension = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf\1.0.14_0\

CHR - Extension: Evernote Web = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\

CHR - Extension: Google Maps = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\

CHR - Extension: Google Mail Checker = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\

CHR - Extension: Gtalklet = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijcfiakajpjojbebgmoahoddbeafckk\0.6.2.5_0\

CHR - Extension: Gmail = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (CEnBrowserListener Object) - {089D765F-DF2D-42EA-8013-E9F6BCE95216} - C:\Program Files\Encentuate\WebSSOAgent.dll (IBM Corporation)

O2 - BHO: (McAfee DLP Internet Explorer Plugin) - {4B988589-D11C-4762-806E-0E4A6EC5F76B} - C:\Program Files\McAfee\DLP\Agent\fcplie.dll (McAfee Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Communicator] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Communicator 2007 R2.lnk ()

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: filteradministratortoken = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.208.1.96 10.208.1.95

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = soe.sgnet.gov.sg

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D633520-3F74-438B-AA6E-68A205BA4A67}: DhcpNameServer = 10.208.1.96 10.208.1.95

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8ACC43-3894-4207-97D8-78847A3E2825}: DhcpNameServer = 165.21.83.88 165.21.100.88

O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)

O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\Encentuate\EncUserInit.exe C:\Windows\system32\userinit.exe) - C:\Program Files\Encentuate\EncUserInit.exe (IBM Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 10:39:09 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2013/02/18 18:29:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/02/18 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/18 18:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/02/18 18:28:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/02/18 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/02/18 18:28:11 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.70.0.1100.exe

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Templates

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Start Menu

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\SendTo

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Recent

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\PrintHood

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\NetHood

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\My Documents

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Local Settings

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Cookies

[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Application Data

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Videos

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Pictures

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Music

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Links

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Favorites

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Downloads

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Documents

[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Desktop

[2013/02/18 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin\Saved Games

[2013/02/18 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin\AppData

[2013/02/15 12:34:56 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/02/15 12:34:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/02/15 12:34:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/02/15 12:34:02 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/02/14 12:27:24 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/02/14 12:27:24 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/02/14 12:10:55 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013/02/14 12:10:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013/02/14 12:09:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/02/14 12:09:37 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2013/02/14 12:09:37 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/02/14 12:09:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/02/14 12:09:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/02/14 12:09:36 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/02/14 12:09:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/02/14 12:09:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/02/14 12:09:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/02/14 12:08:47 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

[2013/02/14 12:08:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe

[2013/02/04 10:40:52 | 000,946,176 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icuuc34.dll

[2013/02/04 10:40:51 | 000,843,776 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icuin34.dll

[2013/02/04 10:40:50 | 008,847,360 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icudt34.dll

[2013/02/04 10:33:35 | 000,089,600 | ---- | C] (SAP AG) -- C:\Windows\System32\libsapu16vc90.dll

[2013/02/04 10:33:34 | 005,075,456 | ---- | C] (SAP AG) -- C:\Windows\System32\librfc32u.dll

[2013/02/04 10:31:20 | 000,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vb40032.dll

[2013/02/04 10:31:20 | 000,068,640 | ---- | C] (MicroHelp, Inc.) -- C:\Windows\System32\Gauge32.OCX

[2013/02/04 10:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End

[2013/02/04 10:30:16 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\Windows\System32\h5dlg32.dll

[2013/02/04 10:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAP Shared

[2013/02/04 10:28:54 | 000,000,000 | ---D | C] -- C:\SAP

[2013/02/04 10:28:54 | 000,000,000 | ---D | C] -- \SAP

[2013/02/04 10:28:31 | 000,133,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcans32.dll

[2013/02/04 10:28:30 | 004,220,928 | ---- | C] (SAP AG) -- C:\Windows\System32\librfc32.dll

[2013/02/04 10:28:29 | 001,708,648 | ---- | C] (SAP, Walldorf) -- C:\Windows\System32\SAPbtmp.dll

========== Files - Modified Within 30 Days ==========

[2013/02/19 10:52:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591UA.job

[2013/02/19 10:43:37 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.INI

[2013/02/19 10:39:55 | 000,099,912 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2013/02/19 10:39:07 | 000,003,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/19 10:39:07 | 000,003,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/19 10:38:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/19 10:38:25 | 1989,550,080 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/19 10:25:05 | 000,017,176 | ---- | M] () -- C:\Windows\System32\results.xml

[2013/02/19 10:24:33 | 000,640,504 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/02/19 10:24:33 | 000,122,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/02/19 09:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/19 09:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591UA.job

[2013/02/19 05:14:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591Core.job

[2013/02/18 22:52:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591Core.job

[2013/02/18 18:32:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/02/18 17:39:09 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.70.0.1100.exe

[2013/02/15 12:33:27 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/02/15 12:33:20 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/02/15 12:33:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/02/15 12:33:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/02/15 12:33:18 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/02/15 12:33:18 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/02/15 12:26:11 | 000,442,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/02/14 12:27:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/02/14 12:27:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/02/13 09:46:23 | 277,111,083 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/02/19 10:25:05 | 000,017,176 | ---- | C] () -- C:\Windows\System32\results.xml

[2013/02/18 18:28:11 | 010,156,344 | ---- | C] () -- \mbam-setup-1.70.0.1100.exe

[2013/02/18 17:17:39 | 000,000,258 | ---- | C] () -- C:\Users\localadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/02/18 17:17:39 | 000,000,240 | ---- | C] () -- C:\Users\localadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2013/02/14 12:27:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/04 10:30:18 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll

[2013/02/04 10:30:17 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll

[2013/02/04 10:30:17 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll

[2013/02/04 10:30:16 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll

[2013/02/04 10:30:16 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll

[2012/09/06 14:06:47 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini

[2011/09/13 14:48:45 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/09/13 14:46:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/09/13 14:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/10/21 16:17:18 | 000,099,912 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/10/21 15:26:54 | 1989,550,080 | -HS- | C] () -- \hiberfil.sys

[2009/07/10 17:55:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK

[2006/11/02 18:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat

[2006/11/02 14:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 20:54:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

========== Purity Check ==========

< End of report >


From Extra.txt

OTL Extras logfile created on: 19/2/2013 10:43:50 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian_Lim\Documents

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.85 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.86% Memory free

3.95 Gb Paging File | 2.65 Gb Available in Paging File | 67.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 230.88 Gb Total Space | 190.86 Gb Free Space | 82.67% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.47% Space Free | Partition Type: NTFS

Computer Name: L11109429 | User Name: localadmin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 513

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1CB3442B-5EBA-4EAD-A37E-515BCED72B54}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=%systemroot%\system32\svchost.exe |

"{276B88EF-32AF-464A-9E9C-598EC866D94D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{3164CB84-D8EC-40F4-A160-72FCCD97C961}" = lport=137 | protocol=17 | dir=in | app=system |

"{4EA17E62-A247-4FC7-ADD7-CA0B362098C3}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=%systemroot%\system32\svchost.exe |

"{56B00F54-191B-415C-A3D6-515185DA1BD2}" = lport=445 | protocol=6 | dir=in | app=system |

"{6178B59B-957F-45B4-8D40-4FBDEF762BBC}" = rport=139 | protocol=6 | dir=out | app=system |

"{6F295795-4F4E-407A-8C08-DFF93DAC1738}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{92758D7B-7060-4D8B-897C-45DAF9126C91}" = lport=2178 | protocol=6 | dir=in | app=system |

"{B3719137-8070-4A49-BD22-F421680BF97A}" = lport=138 | protocol=17 | dir=in | app=system |

"{B5E0FBD8-6B3E-47A9-B696-11FA460B85BF}" = lport=139 | protocol=6 | dir=in | app=system |

"{B69095C1-1B03-489C-BDA0-9716FCA4BAE3}" = rport=445 | protocol=6 | dir=out | app=system |

"{C8B8B506-997C-4595-8762-B72B8133C1C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{D07D6C5A-626C-4132-AA2C-72648D2638C4}" = rport=2178 | protocol=6 | dir=out | app=system |

"{D452BB6B-FDE4-4FBF-B2F7-95B42FC887ED}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=%systemroot%\system32\svchost.exe |

"{D4D9F6FF-7F78-4719-BE16-2596E5622D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F06C0A99-A725-4C72-A879-CF846EA3484F}" = rport=137 | protocol=17 | dir=out | app=system |

"{F0C83A95-F1AE-44EC-A95C-444C9DF9A9AE}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BCE40B7-55C5-4925-9619-A1F299AF7B1E}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{205DD849-DD95-476B-A45D-A78D4B718B34}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"{2B378E66-936D-484B-A86C-815A5C4DCF1E}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{4E357FCC-5C3F-430C-A3E3-A62F7508F200}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5214318C-7B45-4DB4-8C9B-3156B16F6619}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"{7467EC6E-4B02-40B8-9C83-D78CED83CB7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{80AA31E9-0B2E-415B-9E31-183709340B09}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{8354FD11-C961-4E30-BA6D-6066E0463FE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"{8695CA23-632A-4935-818E-5720189955DC}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{8960E1A5-3C81-4314-B7A0-99D96B2CC521}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{90C079BD-FDE1-4508-891A-B2A9FE0CF64F}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{A0B7359A-06AA-43C3-97C6-91B5216CE8E1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{A1DA5BBE-061C-4702-9124-A7F1A09DFBC2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{B2165FFA-819D-49C8-82DF-761B6B2B2436}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{BB6C5A31-F4FF-409B-B9B5-47DB4B41B7D6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{C23213BC-1E78-4A2B-86D9-9F107A56438D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{D2AF204B-2C01-438D-B873-362334903810}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{DDB700B8-41BA-4C15-9A78-7853B6B8F24C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F0AACEE5-0FCE-445E-BC50-48EB80A8F231}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"{FB169F4D-69AD-4120-98A4-8648442E96BF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08C1BA7F-527E-4D4F-859D-071245EDE309}" = EDS MSOffice Set Primary Language UK 1.0(1)

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2(1)

"{1411F4A8-CC2C-4E69-A638-578E232D6DEE}" = SSC Outlook Signature 1.0(2)

"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0

"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65

"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client

"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11

"{2D781F8E-DF4B-4D99-913E-1EE9CA35601C}" = Video Lan VLC Media Player 1.0.5(1)

"{304F6A42-3302-4795-B221-B5F30E47CC19}" = IBM TAM E-SSOAccessAgent UIController 8.0.1.11(1)

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{3505E1E2-8127-4681-A3EC-F9B5CAAA07C9}" = Rights Management Add-on for Internet Explorer

"{3566A6AF-5E16-450E-82FA-725A6361716A}" = eWebEditPro+XML 5 with WebImageFX Client

"{39A65E04-9D1C-4834-9E42-C92A4C3411D1}" = Symantec EndPoint Disable CAB Scanning 1.0(1)

"{3DB9856C-40AF-451B-B71E-05CA651F377A}" = Oracle Jinitiator 1.3.1.9(1)

"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable

"{4599b9be-ea19-4944-952b-cee73900f38e}.sdb" = Java

"{4B62131E-3159-4CDF-9F1B-230046FAF0B1}" = Microsoft RSClientPrint2008 ActiveX 10.50.2500(1)

"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011

"{5E8B9CBE-1247-440F-9622-AEF50A42838E}" = Acro CutePDF Writer 2.8(1)

"{6225A276-829E-407D-97A1-DF99AF001F84}" = GPLGS Converter 1.0(1)

"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard

"{6D8D3E5B-F7B8-4DCB-84B7-5B0DAC453580}" = Ektron DMS400 Client

"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office LiveMeeting 2007 R2(1)

"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI

"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable

"{73E5146F-C2CF-4A2C-A4E1-1A64B9706400}" = iPassConnect

"{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent

"{8461C192-EA40-4F9F-AA0A-47C17399AEF9}" = Symantec Endpoint Protection

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}" = Adobe Flash Player 11 ActiveX

"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{98F75186-F255-4884-A4CA-0C859E85AF85}" = FTDI USB Device Driver 2.08.02(1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B92B20A-6A19-428F-8BD0-52DF859B1C61}" = Adobe Shockwave Player 11.6

"{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Office Livemeeting 2007 Outlook Plugin R2(1)

"{A32DAA91-0EF5-435A-ABFC-47B47482A720}" = Innervations Ballistic MeasurementSys 2011.0.1(1)

"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)

"{A8CF0D2D-4B00-4967-93EB-CDC767A2E255}" = IBM TAM E-SSO AccessAgent User 8.1.0.0130_0144(2)

"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X

"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X

"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X

"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X

"{B65D9480-CA42-468D-9B70-AB927A769219}" = AUOClient

"{BDEAA6D1-16BD-4950-B834-DD629BAD42C9}" = HP REMAS Cisco VPN Profiles 4.0(2)

"{C2B2F358-0FA0-4D89-B0C1-9BFB23C87B29}" = WebTrends Report Exporter

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP 1(2)

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin

"{D9D2DF7C-BC47-45B3-A21B-F8BEF33AC492}" = SSC JRE DisableNextGenJavaPlugin 1.6.0.37(1)

"{DE9145F3-2528-4449-8F27-D33661D9F3F3}" = Lotus Notes 8.0.2 (Basic)

"{E4DD98E9-48ED-4FDF-AE14-5A20A4D18414}" = SEP Remediation Script 2.0(2)

"{e661a234-b6cc-42f1-88d5-1d01725b81e3}.sdb" = javaw

"{EDB3CE7B-D1FB-43E6-BE5C-F30644F8A42F}" = SSC VPN Profile 1.0(1)

"{EEDE649C-7181-40AD-91AB-0D1AB22607C7}" = TAM E-SSO AccessAgent

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco VPN Client 5.0.05.0290(1)

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"DWG TrueView 2011" = DWG TrueView 2011

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PROPLUS" = Microsoft Office Professional Plus 2007

"SAPGUI710" = SAP GUI for Windows 7.20

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/6/2012 5:00:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server external.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for external.zen824 because it could not be resolved.

Error - 8/6/2012 5:02:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server sgkdhmcpool1.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sgkdhmcpool1.zen824 because it could not be resolved.

Error - 8/6/2012 5:02:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server external.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for external.zen824 because it could not be resolved.

Error - 8/6/2012 5:02:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server sgkdhmcpool1.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sgkdhmcpool1.zen824 because it could not be resolved.

Error - 8/6/2012 5:02:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server external.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for external.zen824 because it could not be resolved.

Error - 8/6/2012 5:03:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643

Description = Communicator was unable to resolve the DNS hostname of the login server sgkdhmcpool1.zen824. Resolution: If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sgkdhmcpool1.zen824 because it could not be resolved.

Error - 8/6/2012 5:03:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

external.zen824. Resolution: If you are using manual configuration for

Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need to

double-check the DNS A record configuration for external.zen824 because

it could not be resolved.

Error - 8/6/2012 5:03:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

sgkdhmcpool1.zen824. Resolution: If you are using manual configuration

for Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need

to double-check the DNS A record configuration for sgkdhmcpool1.zen824

because it could not be resolved.

Error - 8/6/2012 5:03:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

external.zen824. Resolution: If you are using manual configuration for

Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need to

double-check the DNS A record configuration for external.zen824 because

it could not be resolved.

Error - 8/6/2012 5:04:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

sgkdhmcpool1.zen824. Resolution: If you are using manual configuration

for Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need

to double-check the DNS A record configuration for sgkdhmcpool1.zen824

because it could not be resolved.

Error - 8/6/2012 5:04:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

external.zen824. Resolution: If you are using manual configuration for

Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need to

double-check the DNS A record configuration for external.zen824 because

it could not be resolved.

Error - 8/6/2012 5:04:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643

Description = Communicator was unable to resolve the DNS hostname of the login server

sgkdhmcpool1.zen824. Resolution: If you are using manual configuration

for Communicator, please check that the server name is typed correctly and in full.

If you are using automatic configuration, the network administrator will need

to double-check the DNS A record configuration for sgkdhmcpool1.zen824

because it could not be resolved.

[ OSession Events ]

Error - 13/12/2010 6:39:47 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29828

seconds with 4020 seconds of active time. This session ended with a crash.

Error - 17/2/2011 4:18:11 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15215

seconds with 1380 seconds of active time. This session ended with a crash.

Error - 27/2/2011 10:12:45 PM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 78

seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/8/2011 12:42:05 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 89150

seconds with 2160 seconds of active time. This session ended with a crash.

Error - 8/11/2011 3:53:45 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 16119

seconds with 1080 seconds of active time. This session ended with a crash.

Error - 23/3/2012 2:56:30 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18382

seconds with 300 seconds of active time. This session ended with a crash.

Error - 23/4/2012 10:43:53 PM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 503025

seconds with 2520 seconds of active time. This session ended with a crash.

Error - 29/8/2012 4:40:13 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12

Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 284

seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 3/2/2012 8:00:04 AM | Computer Name = L11109429.zen824 | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain SOE due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain

controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 3/2/2012 8:27:31 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-

GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 3/2/2012 8:35:35 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-

GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 6/2/2012 12:02:44 AM | Computer Name = L11109429.zen824 | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain SOE due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain

controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 6/2/2012 12:02:45 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-

GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 6/2/2012 12:02:49 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-

GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = DCOM | ID = 10005

Description =

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = Service Control

Manager | ID = 7009

Description =

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = Service Control

Manager | ID = 7000

Description =

Error - 6/2/2012 12:15:44 AM | Computer Name = L11109429.zen824 | Source = DCOM | ID = 10010

Description =

< End of report >


Hello Zen824 and welcome to MalwareBytes forums.

Please do not try anything else on your own. You should not have copy-catted anyone else's fixes. Not a good idea on your own.

Did you also know making the 1st reply to your own original post makes the request harder to spot ??

Always Copy and Paste any log I ask for. You may use a separate post for each, as needed.

Treat this computer as if it were in isolation / quarantine.

No websurfing, no online transactions.

About when did this issue first start? Was there a significant or noticeable "message/warning" just before or during the original incident?

Please read all my directions. If you have a question, STOP and ask first.

DO NOT make changes or additions on your own.

Do as much as possible of the following:

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

There will be -lots- to do later.


"This system" must be disconnected from your network.

Reminder that you have other support options:

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you would like to use our Malwarebytes Premium Consumer Services partner

Comprehensive fee based solutions to all your computer support needs — from installation and set-up to troubleshooting and tune-ups please go to the Malwarebytes Premium Services support site.

These fee based services are provided by a third-party vendor and not directly by the Malwarebytes Corporation


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
