Matthew22

  1. Alright!! No shortcuts found anywhere. Thank you so much for your help
  2. Well, it all started with the shortcut virus, so should I plug in something to test?
  3. C:\FRST\Quarantine\3a583\2c4e2.js JS/Kryptik.ALI trojan
     C:\ProgramData\WildTangent\GameInstalls\WTA-2e68460f-590a-4542-975e-38f0a2f505f9-extr.exe a variant of Win32/Kryptik.AGZ trojan
     C:\Users\All Users\WildTangent\GameInstalls\WTA-2e68460f-590a-4542-975e-38f0a2f505f9-extr.exe a variant of Win32/Kryptik.AGZ trojan
  4. I am scanning now and it detected JS/Kryptik.ALI trojan. Are you sure I shouldn't delete yet?
  5. OMG I tried to go online and this came out! We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now. See Google Help for more information.
  6. Ok I see Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
C:\Users\Neoh\Downloads\googledrivesync.exe2013-08-27 22:27 - 2013-08-27 22:27 - 00000184 _____ C:\Windows\AutoKMS.ini2013-08-27 22:17 - 2013-04-24 12:01 - 00420904 _____ C:\Windows\system32\FNTCACHE.DAT2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\th-TH2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\System2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-08-27 22:15 - 2012-07-26 15:52 - 00000000 ____D C:\Program Files\Windows Journal2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\WCN2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\slmgr2013-08-27 22:15 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\oobe2013-08-27 22:15 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\th-TH2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\migwiz2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\PolicyDefinitions2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\WCN2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\slmgr2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Sysprep2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\oobe2013-08-27 22:13 - 2012-07-26 16:12 - 00000000 ____D 
C:\Windows\system32\SystemResetPlatform2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\MUI2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\Com2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\winrm2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts2013-08-27 22:10 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\Dism2013-08-27 22:09 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\IME2013-08-27 22:08 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\MUI2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\winrm2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts2013-08-27 22:08 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Dism2013-08-27 22:07 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\Com2013-08-27 22:03 - 2013-08-27 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help2013-08-27 22:00 - 2013-08-27 21:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-08-27 22:00 - 2012-07-26 15:52 - 00000000 ____D C:\Windows\ShellNew2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Users\Neoh\AppData\Local\Microsoft Help2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files\Microsoft Office2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services2013-08-27 21:56 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-08-27 21:55 - 2013-08-27 21:55 - 00000000 ___RD C:\MSOCache2013-08-27 21:32 - 2013-08-27 21:32 - 00000000 ____D C:\Program Files\Common Files\INCA Shared2013-08-27 21:31 - 2013-08-27 21:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack2013-08-27 21:28 - 2013-08-27 21:27 - 09283128 _____ (CCCP Project ) 
C:\Users\Neoh\Downloads\Combined-Community-Codec-Pack-2013-08-01.exe2013-08-27 21:22 - 2013-08-27 21:22 - 00001062 _____ C:\Users\Neoh\Desktop\GUpdate_SINGAPORE - Shortcut.lnk2013-08-27 21:20 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\Adobe2013-08-27 21:20 - 2013-08-27 18:15 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Adobe2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Public\CyberLink2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\Documents\CyberLink2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\CyberLink2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Local\Cyberlink2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\ProgramData\CyberLink2013-08-27 20:27 - 2013-08-27 20:27 - 00001037 _____ C:\Users\Neoh\Desktop\KMPlayer.lnk2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV2013-08-27 20:07 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\VirtualStore2013-08-27 18:32 - 2013-08-27 18:24 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-27 18:32 - 2013-08-27 18:21 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-08-27 18:32 - 2013-08-27 18:21 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-08-27 18:27 - 2013-08-27 18:26 - 00000000 ____D C:\ProgramData\Yahoo!2013-08-27 18:26 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-27 18:25 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe2013-08-27 18:23 - 2013-08-27 18:23 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D 
C:\Users\Neoh\AppData\Roaming\Mozilla2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Local\Mozilla2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\ProgramData\Mozilla2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-27 18:20 - 2013-08-27 18:20 - 00000000 ____D C:\Program Files\7-Zip2013-08-27 18:19 - 2013-08-27 18:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf2013-08-27 18:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\restore2013-08-27 18:17 - 2013-08-27 18:17 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Macromedia2013-08-27 18:17 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\ELAM2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Windows\System32\Tasks\WPD2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Atheros2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\ASUS WebStorage2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Local\BMExplorer2013-08-27 18:16 - 2013-07-18 13:44 - 00000000 ____D C:\ProgramData\Atheros2013-08-27 18:15 - 2013-08-27 18:15 - 00001432 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-08-27 18:15 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\Packages2013-08-27 18:14 - 2013-08-27 18:14 - 00000192 _____ C:\Windows\FixPatch.log2013-08-27 18:14 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\ASUS2013-08-27 18:14 - 2012-08-02 11:52 - 00000000 ____D C:\Windows\Log2013-08-27 18:13 - 2013-08-27 18:13 - 00000020 ___SH C:\Users\Neoh\ntuser.ini Files to move or 
delete:====================C:\Users\Neoh\AppData\Local\Temp\Quarantine.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exeC:\Users\Neoh\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exeC:\Users\Neoh\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-08-02 11:32 ==================== End Of Log ============================ btw I will be busy during the weekends because of some college camp so I may not be able to reply until Sunday so please do not close the thread yet
  7. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-05 13:34:04
-----------------------------
13:34:04.007 OS Version: Windows x64 6.2.9200
13:34:04.008 Number of processors: 4 586 0x3A09
13:34:04.009 ComputerName: USER UserName: Neoh
13:34:04.107 Initialze error 1
13:46:34.747 AVAST engine defs: 13090401
13:47:11.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
13:47:11.408 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR20002 Size: 715404MB BusType: 11
13:47:11.434 Disk 0 MBR read successfully
13:47:11.435 Disk 0 MBR scan
13:47:11.445 Disk 0 unknown MBR code
13:47:11.447 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:47:11.454 Disk 0 scanning C:\Windows\system32\drivers
13:47:11.456 Service scanning
13:47:12.088 Modules scanning
13:47:12.091 Disk 0 trace - called modules:
13:47:12.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
13:47:12.097 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80051cb060]
13:47:12.100 3 CLASSPNP.SYS[fffff88000acf8aa] -> nt!IofCallDriver -> [0xfffffa80046e1380]
13:47:12.104 5 ACPI.sys[fffff88001186a91] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa80046e37f0]
13:47:12.113 AVAST engine scan C:\Windows
13:47:12.117 AVAST engine scan C:\Windows\system32
13:47:12.122 AVAST engine scan C:\Windows\system32\drivers
13:47:12.126 AVAST engine scan C:\Users\Neoh
13:47:12.131 AVAST engine scan C:\ProgramData
13:47:12.135 Scan finished successfully
13:47:25.504 Disk 0 MBR fix error
13:47:31.907 Disk 0 MBR has been saved successfully to "C:\Users\Neoh\Desktop\MBR.dat"
13:47:31.910 The log file has been saved successfully to "C:\Users\Neoh\Desktop\aswMBR.txt"
  8. Could it be that ComboFix messed up my system? I read it is not Windows 8 supported. Maybe the worm did something. The avast will take some time, will get back to you later
  9. Well, before I came to this forum for help my friend tried to help me; when he ran msconfig it simply wouldn't run. But I tried it earlier and it ran just fine

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by Neoh at 8:44:39 on 2013-09-05
Microsoft Windows 8 Single Language 6.2.9200.0.1252.60.1033.18.3982.1997 [GMT 8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\CSL 3.5G Connect\WirelessModem.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [2c4e2] C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Neoh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{F46A7214-0E0F-4A7D-B392-68315AAB09C9} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F46A7214-0E0F-4A7D-B392-68315AAB09C9}\14E6F6478656270275966696 : DHCPNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{F47837F1-241F-4B30-A58D-E802A30D8ED1} : DHCPNameServer = 40.53.1.201 40.53.1.203
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default\
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-5-7 652784]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-7-18 30496]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-14 277120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-12-29 226944]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-18 2466448]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-20 634632]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-18 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-18 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-8-27 625304]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-18 365376]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-12-29 323584]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-19 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-7-18 89320]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-2-7 65784]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;C:\Windows\System32\Drivers\bmusbser.sys [2013-8-27 119552]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-7-18 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-7-18 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-7-18 77464]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-7-18 578792]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-5-7 21152]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-18 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-7 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-4 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-7-18 298640]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-7-18 723088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-09-04 19:00:00 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45D53B59-B304-402B-AEBE-066F75121579}\mpengine.dll
2013-09-04 11:24:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 09:41:06 -------- d-----w- C:\AdwCleaner
2013-09-04 09:33:42 -------- d-----w- C:\Windows\ERUNT
2013-09-04 05:47:57 -------- d-sh--w- C:\Users\Neoh\AppData\Roaming\3a583
2013-09-04 05:42:14 270512 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-09-03 14:44:38 -------- d-----r- C:\Users\Neoh\Dropbox
2013-09-03 14:41:21 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Dropbox
2013-09-03 10:00:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-02 11:43:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-02 08:46:59 -------- d-----w- C:\FRST
2013-09-02 04:06:14 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-09-01 05:48:35 98816 ----a-w- C:\Windows\sed.exe
2013-09-01 05:48:35 256000 ----a-w- C:\Windows\PEV.exe
2013-09-01 05:48:35 208896 ----a-w- C:\Windows\MBR.exe
2013-08-31 16:33:01 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Malwarebytes
2013-08-31 16:32:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-31 16:32:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-31 15:24:28 -------- d-----w- C:\ProgramData\IObit
2013-08-31 15:24:04 -------- d-----w- C:\Users\Neoh\AppData\Roaming\IObit
2013-08-31 15:23:34 -------- d-----w- C:\Program Files (x86)\IObit
2013-08-31 10:19:36 -------- d-----w- C:\Users\Neoh\AppData\Local\ElevatedDiagnostics
2013-08-31 09:42:09 -------- d-----w- C:\Program Files\CSL 3.5G Connect
2013-08-31 08:53:34 -------- d-----w- C:\Users\Neoh\AppData\Local\Diagnostics
2013-08-30 17:07:28 -------- d-sh--w- C:\3bfda
2013-08-30 15:11:59 -------- d-----w- C:\Users\Neoh\AppData\Roaming\NVIDIA
2013-08-28 01:57:51 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-08-28 01:57:24 -------- d-----w- C:\Users\Neoh\AppData\Roaming\NCH Software
2013-08-27 16:27:25 -------- d-----w- C:\Users\Neoh\Google Drive
2013-08-27 13:56:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-08-27 13:56:01 -------- d-----w- C:\Users\Neoh\AppData\Local\Microsoft Help
2013-08-27 13:35:51 -------- d-----w- C:\Users\Neoh\AppData\Local\CrashDumps
2013-08-27 13:32:24 5102040 ----a-w- C:\Windows\SysWow64\GameMon.des
2013-08-27 13:32:14 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2013-08-27 13:32:13 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2013-08-27 13:32:11 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2013-08-27 13:31:06 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-08-27 13:30:36 -------- d-----w- C:\Users\Neoh\AppData\Local\Programs
2013-08-27 13:20:35 -------- d-----w- C:\Users\Neoh\AppData\Local\Adobe
2013-08-27 13:19:43 119552 ----a-w- C:\Windows\System32\drivers\bmusbser.sys
2013-08-27 13:19:41 103424 ----a-w- C:\Windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-08-27 13:19:40 -------- d-----w- C:\Program Files (x86)\CSL 3.5G Connect
2013-08-27 12:33:37 -------- d-----w- C:\Users\Neoh\AppData\Local\Cyberlink
2013-08-27 12:27:28 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2013-08-27 12:27:13 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2013-08-27 10:25:37 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-08-27 10:21:36 -------- d-----w- C:\Users\Neoh\AppData\Local\Google
2013-08-27 10:16:46 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16:41 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16:35 -------- d-----w- C:\Users\Neoh\AppData\Local\BMExplorer
2013-08-27 10:16:29 -------- d-----w- C:\Users\Neoh\AppData\Roaming\ASUS WebStorage
2013-08-27 10:16:28 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Atheros
2013-08-27 10:16:01 -------- d-----w- C:\Users\Neoh\Searches
2013-08-27 10:16:01 -------- d-----w- C:\Users\Neoh\Contacts
2013-08-27 10:14:49 74 ----a-w- C:\Users\Neoh\AppData\Roaming\sp_data.sys
.
==================== Find3M ====================
.
2013-07-18 05:47:26 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-18 05:47:26 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-18 05:47:26 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
.
============= FINISH: 8:45:05.50 ===============

attach.txt
  10. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.04.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Neoh :: USER [administrator]

Protection: Disabled

4/9/2013 7:30:14 PM
mbam-log-2013-09-04 (19-30-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245461
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end

Results of screen317's Security Check version 0.99.73
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox 20.0.1 Firefox out of Date!
Google Chrome 29.0.1547.57
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````