
jeje9010

  1. I got this and I tried again and I got it again, too. Should I keep trying the steps again for adding the .txt file to Combo??
  2. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.17.02
     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     asus :: ASUS1 [administrator]
     Protection: Disabled
     9/19/2013 7:59:04 PM
     mbam-log-2013-09-19 (19-59-04).txt
     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 461384
     Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 15
     C:\Users\asus\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e14 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3441HU74\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\a2zLyrics_1060-8102_v122.exe (PUP.Optional.Adtool) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\BI_RunOnce.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\minibar-master.exe (PUP.Optional.MiniBar.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\Tsu7C9A37A3.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\{B5B3ED58-0B59-4024-A2CF-437B6E50CFAE}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
     C:\Users\asus\AppData\Local\temp\{B5B3ED58-0B59-4024-A2CF-437B6E50CFAE}\Addons\assistant_v3.exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
     C:\Users\asus\Downloads\7ZipSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
     C:\Users\asus\Downloads\Mazika2daY.CoM.Microsoft Toolkit v2.4.2 Final.rar.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
     C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
     (end)
  3. Yeah, sure, I am with you, but sometimes I get busy with my college's work - I will do what you asked me to do now
  4. But Windows Defender is off. Yes, it is there in my laptop, but it is off and not monitoring my laptop.
  5. OMG, after I finished Combo I thought my laptop was going to die cuz the screen turned blue and there was nothing on it. Then I restarted the laptop and now it is OK. Here is the log:
extensions.delta.vrsnTs - 1.8.24.614:14 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=4999 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{76a39c95-086b-44df-bb69-b9e158ecffcf} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\Launcher.dll BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Completion time: 2013-09-17 20:45:15 ComboFix-quarantined-files.txt 2013-09-17 17:45 ComboFix2.txt 2013-09-05 15:18 . Pre-Run: 236,062,035,968 bytes free Post-Run: 236,119,638,016 bytes free . - - End Of File - - 20DA54AD952D002BF4EC5DE270E4D963
  6. By the way, I could disable the ads by going to extensions and then deleting 'webs recommandactions'. But I did not install it before.
  7. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
     Run date: 2013-09-17 17:22:14
     -----------------------------
     17:22:14.687 OS Version: Windows x64 6.2.9200
     17:22:14.687 Number of processors: 4 586 0x3A09
     17:22:14.688 ComputerName: ASUS1 UserName: asus
     17:22:14.710 Initialze error 1
     17:22:49.987 AVAST engine defs: 13091700
     17:22:59.843 Service scanning
     17:23:00.457 Modules scanning
     17:23:00.460 Disk 0 trace - called modules:
     17:23:00.476
     17:23:00.480 AVAST engine scan C:\Windows
     17:23:00.484 AVAST engine scan C:\Windows\system32
     17:23:00.488 AVAST engine scan C:\Windows\system32\drivers
     17:23:00.493 AVAST engine scan C:\Users\asus
     17:23:00.499 AVAST engine scan C:\ProgramData
     17:23:00.503 Scan finished successfully
     17:23:10.415 The log file has been saved successfully to "C:\Users\asus\Downloads\aswMBR.txt"
  8. Attach >>>>>>>>>>>>>>>>>> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume1 Install Date: 8/12/2013 10:16:55 PM System Uptime: 9/17/2013 10:44:47 AM (5 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | Q500A Processor: Intel® Core i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1200/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 220.229 GiB free. D: is FIXED (NTFS) - 398 GiB total, 397.992 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP9: 9/4/2013 5:30:29 AM - Windows Update RP10: 9/4/2013 6:24:13 PM - Restore Operation RP11: 9/6/2013 10:26:27 AM - ComboFix created restore point RP12: 9/10/2013 9:29:32 AM - Installed Microsoft Visual C++ 2005 Redistributable RP13: 9/13/2013 8:53:10 PM - Removed Microsoft Office Home and Student 2010 RP14: 9/17/2013 6:45:35 AM - Uniblue SpeedUpMyPC installation . ==== Installed Programs ====================== . 
µTorrent Adobe Flash Player 11 Plugin Adobe Reader X MUI ASUS Instant Connect ASUS InstantOn ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear Hybrid ASUS Smart Gesture ASUS Splendid Video Enhancement Technology ASUS Tutor ASUS USB Charger Plus ASUS WebStorage Sync Agent ASUSDVD ATK Package AVG SafeGuard toolbar Baidu PC Faster Camtasia Studio 8 CCleaner Classic Shell Facebook Video Calling 1.2.0.287 Google Chrome Google Update Helper Hao123-Client ImTOO Video Cutter 2 IMVU Avatar Chat Software Intel PROSet Wireless Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® WiDi Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater K-Lite Codec Pack 7.6.7 (Full) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT Redists Pandora Service Pokki Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Shared C Run-time for x64 SmartWhois The KMPlayer (remove only) Vegas Pro 12.0 (64-bit) VLC media player 1.1.11 Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) WinFlash WinRAR 5.00 beta 8 (64-bit) Wondershare Video Editor(Build 3.1.4) Xilisoft Video Splitter 2 . ==== End Of File ===========================
  9. DDS >>>>>>>>>>> DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.25.2 Run by asus at 15:48:35 on 2013-09-17 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6034.3369 [GMT 3:00] . AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Classic Shell\ClassicShellService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\WLANExt.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Windows\system32\dashost.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe 
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\system32\taskhostex.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe C:\Program Files\Classic Shell\ClassicStartMenu.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Baidu 
Security\PC Faster\3.7.0.0\PCFaster.exe C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Windows\System32\RuntimeBroker.exe C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe C:\Windows\system32\igfxpers.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\mspaint.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {76a39c95-086b-44df-bb69-b9e158ecffcf} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\asus\AppData\Local\Pokki\Engine\Launcher.dll",RunLaunchPlatform mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2013\runner_avp.exe" mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [baidu PC Faster 3.7.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDrives = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: ????? ??? ???? Bluetooth - <no file> IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files (x86)\SmartWhois\swmsie.exe IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{958B2E52-9881-4BB0-B80E-FB26F359D3DB} : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{958B2E52-9881-4BB0-B80E-FB26F359D3DB}\356523 : DHCPNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" 
--configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned> x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 x64-mPolicies-Explorer: NoDrives = dword:0 x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files 
(x86)\SmartWhois\swmsie.exe x64-IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\ FF - prefs.js: keyword.URL - FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Users\asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-08-12 22:38; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-08-12 22:38; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-08-12 22:38; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-08-12 22:38; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-08-12 22:38; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - 
ExtSQL: 2013-08-24 03:31; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com FF - ExtSQL: 2013-09-09 14:06; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 FF - ExtSQL: 2013-09-17 07:00; WebSiteRecommendation@weliketheweb.com; C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\extensions\WebSiteRecommendation@weliketheweb.com . ---- FIREFOX POLICIES ---- FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 7c53b2de000000000000685d439f2708 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15956 FF - user.js: extensions.delta.vrsn - 1.8.24.6 FF - user.js: extensions.delta.vrsni - 1.8.24.6 FF - user.js: extensions.delta.vrsnTs - 1.8.24.614:14:06 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=4999 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . . . . . . ============= SERVICES / DRIVERS =============== . 
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-13 645952] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 BprotectEx;Baidu ProtectEx;C:\Windows\System32\Drivers\BprotectEx.sys [2013-9-8 78144] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-3 28504] R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-5-3 50448] R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-5-3 178448] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-5-3 356376] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-1-15 1091520] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-1-15 1107904] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-16 135984] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-15 165760] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512] R2 
PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-9-8 625304] R2 PCFasterSvc_{PCFaster_3.7.0.0};Baidu PC Faster Service 3.7.0.0;C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [2013-8-29 636912] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-15 364416] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-9-9 1643184] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-25 1153840] R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-25 17152] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824] R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-1-15 110592] R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-1-15 825344] R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-13 21152] R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-1-15 55848] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-13 342528] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-10 25568] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-5-3 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-5-3 29528] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-4 25928] R3 
NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-1-15 252048] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-1-15 690832] R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-10 47072] R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-10 188896] S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-28 29616] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-10 35296] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-25 272176] S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-6-21 42184] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656] . =============== Created Last 30 ================ . 
2013-09-17 03:48:40 -------- d-----w- C:\Users\asus\AppData\Roaming\FlashgetSetup 2013-09-17 03:48:40 -------- d-----w- C:\Users\asus\AppData\Roaming\BITS 2013-09-17 03:48:31 -------- d-----w- C:\Program Files (x86)\FlashGet Network 2013-09-15 14:53:34 -------- d-----w- C:\Users\asus\AppData\Roaming\TP 2013-09-13 18:13:58 -------- d-----w- C:\ProgramData\Baidu 2013-09-11 03:27:59 447488 ----a-w- C:\Windows\System32\wwansvc.dll 2013-09-10 07:18:15 -------- d-----w- C:\Users\asus\AppData\Roaming\ImTOO 2013-09-10 07:18:15 -------- d-----w- C:\Program Files (x86)\ImTOO 2013-09-10 06:43:23 -------- d-----w- C:\Users\asus\AppData\Roaming\AVCutty 2013-09-10 06:35:18 -------- d-----w- C:\Program Files (x86)\Davis Software 2013-09-10 06:32:20 -------- d-----w- C:\Users\asus\AppData\Local\Spoon 2013-09-10 06:14:17 36864 ----a-w- C:\Windows\unslive.exe 2013-09-10 06:13:39 -------- d-----w- C:\tape-indices 2013-09-10 05:47:37 -------- d-----w- C:\Users\asus\AppData\Roaming\Xilisoft 2013-09-10 05:47:37 -------- d-----w- C:\Program Files (x86)\Xilisoft 2013-09-10 05:18:44 -------- d-----w- C:\Program Files (x86)\Wondershare 2013-09-10 04:42:11 941992 ----a-w- C:\Windows\SysWow64\WPShellExt64.dll 2013-09-10 04:42:05 -------- d-----w- C:\ProgramData\Wondershare Player 2013-09-10 04:41:44 -------- d-----w- C:\Users\asus\AppData\Local\Wondershare 2013-09-10 04:41:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare 2013-09-08 11:15:46 -------- d-----w- C:\Users\asus\AppData\Local\Pokki 2013-09-08 11:13:36 -------- d-----w- C:\Users\asus\AppData\Roaming\baidu 2013-09-08 11:12:54 -------- d-----w- C:\ProgramData\Babylon 2013-09-08 11:08:35 -------- d-----w- C:\Users\asus\AppData\Roaming\Baidu Security 2013-09-08 11:08:30 78144 ----a-w- C:\Windows\System32\drivers\BprotectEx.sys 2013-09-08 11:07:28 -------- d-----w- C:\Program Files (x86)\PANDORA.TV 2013-09-08 11:05:50 -------- d-----w- C:\Program Files (x86)\The KMPlayer 2013-09-08 11:05:06 -------- d-----w- 
C:\Users\asus\AppData\Local\AVG SafeGuard toolbar 2013-09-08 11:04:50 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-09-08 11:04:42 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar 2013-09-08 11:04:42 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2013-09-08 11:04:41 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar 2013-09-08 11:04:10 -------- d-----w- C:\Program Files (x86)\SimilarSites 2013-09-08 11:04:02 -------- d--h--w- C:\ProgramData\Common Files 2013-09-08 11:03:55 -------- d-----w- C:\Users\asus\AppData\Roaming\SimilarSites 2013-09-08 11:03:48 -------- d-----w- C:\ProgramData\Baidu Security 2013-09-08 11:03:48 -------- d-----w- C:\Program Files (x86)\Baidu Security 2013-09-06 19:44:50 -------- d-----w- C:\Users\asus\AppData\Local\Facebook 2013-09-06 07:38:05 -------- d-sh--w- C:\$RECYCLE.BIN 2013-09-06 07:36:05 -------- d-----w- C:\Users\asus\AppData\Local\temp 2013-09-06 07:26:18 -------- d-----w- C:\ComboFix 2013-09-05 15:06:16 98816 ----a-w- C:\Windows\sed.exe 2013-09-05 15:06:16 256000 ----a-w- C:\Windows\PEV.exe 2013-09-05 15:06:16 208896 ----a-w- C:\Windows\MBR.exe 2013-09-05 13:25:03 -------- d-----w- C:\Users\asus\AppData\Local\CrashDumps 2013-09-05 02:01:31 -------- d-----w- C:\Users\asus\AppData\Roaming\TamoSoft 2013-09-05 02:01:11 -------- d-----w- C:\ProgramData\TamoSoft 2013-09-05 02:01:02 -------- d-----w- C:\Program Files (x86)\SmartWhois 2013-09-05 01:21:27 -------- d-----w- C:\Program Files\CCleaner 2013-09-05 00:49:05 -------- d-----w- C:\ProgramData\AntiSpyInfo 2013-09-05 00:28:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-09-04 16:08:23 -------- d-----w- C:\Users\asus\AppData\Roaming\Malwarebytes 2013-09-04 16:08:19 -------- d-----w- C:\ProgramData\Malwarebytes 2013-09-04 16:08:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-04 16:08:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-04 15:59:16 270512 ----a-w- 
C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin 2013-09-04 02:45:12 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\es-ES 2013-09-04 02:45:12 -------- d-----w- C:\Windows\SysWow64\0C0A 2013-09-04 02:44:16 -------- d-----w- C:\Windows\System32\0C0A 2013-08-31 03:07:13 -------- d-----w- C:\Users\asus\AppData\Local\TechSmith 2013-08-30 05:08:45 -------- d-----w- C:\Users\asus\AppData\Roaming\TechSmith 2013-08-30 05:04:17 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith 2013-08-30 05:04:07 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2013-08-30 04:31:36 -------- d-----w- C:\Users\asus\AppData\Local\Programs 2013-08-30 04:10:58 -------- d-----w- C:\Users\asus\AppData\Roaming\uTorrent 2013-08-26 05:35:29 -------- d-----w- C:\Users\asus\AppData\Local\Deployment 2013-08-26 05:35:29 -------- d-----w- C:\Users\asus\AppData\Local\Apps 2013-08-24 01:28:42 -------- d-----w- C:\Users\asus\AppData\Local\SecondLife 2013-08-24 01:13:50 -------- d-----w- C:\Makena 2013-08-24 01:13:38 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll 2013-08-22 23:14:45 -------- d-----w- C:\Users\asus\AppData\Local\Macromedia 2013-08-22 23:11:45 -------- d-----w- C:\Users\asus\AppData\Roaming\IMVU 2013-08-22 23:09:48 -------- d-----w- C:\Users\asus\AppData\Roaming\IMVUClient 2013-08-22 12:37:33 -------- d-----w- C:\sources 2013-08-21 05:51:23 -------- d-----w- C:\Users\asus\AppData\Roaming\Maxthon3 . ==================== Find3M ==================== . 
2013-09-17 07:47:47 422 ----a-w- C:\Users\asus\AppData\Roaming\sp_data.sys 2013-09-05 20:09:17 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-05 20:09:17 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys 2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll 2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe 2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe 2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe 2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll 2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll 2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll 2013-08-15 22:43:02 83968 ----a-w- 
C:\Windows\SysWow64\OEMLicense.dll 2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll 2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll 2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll 2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll 2013-08-12 19:26:44 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-08-12 19:26:43 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-08-12 19:26:43 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-08-12 19:26:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-12 19:26:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-08-12 19:26:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-08-03 04:30:14 4038144 ----a-w- C:\Windows\System32\win32k.sys 2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll 2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll 2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll 2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll 2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys 2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe 2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe 2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll 2013-07-08 22:46:00 543744 ----a-w- 
C:\Windows\System32\wwanmm.dll 2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll 2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll 2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll 2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll 2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll 2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll 2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll 2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys 2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys 2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe 2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe 2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys 2013-06-26 02:59:34 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys 2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll 2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll 2013-06-21 01:09:44 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys . ============= FINISH: 15:49:43.88 ===============
  10. Hello, the log >>>
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.09.17.02
      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16688
      asus :: ASUS1 [administrator]
      Protection: Enabled
      9/17/2013 10:35:25 AM
      mbam-log-2013-09-17 (10-35-25).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 253549
      Time elapsed: 6 minute(s), 54 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 4
      HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
      HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
      HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
      Registry Values Detected: 1
      HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0F -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 6
      C:\Users\asus\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\13C26973827D4FD0A5F3C845B117E2B5 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\2B5C1FBEE80A4BEEB5B38EEE7A8007CC (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      Files Detected: 13
      C:\Users\asus\AppData\Roaming\OpenCandy\13C26973827D4FD0A5F3C845B117E2B5\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Local\temp\nsz3530.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\Downloads\JDownloaderSetup-aoc-jd (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\Downloads\JDownloaderSetup-aoc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\Downloads\TheKMPlayerSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\2B5C1FBEE80A4BEEB5B38EEE7A8007CC\PokkiInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\barc_p1v3.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\chrometest.html (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\speedupmypcROW.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\speedupmypcROW_p2v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      (end)
      And I will do the other things now.
  11. Hi, I had a problem before and I posted it here. Then I thought everything was okay, but these 2 days I have ads on the websites I visit, even your site. See here in your site: ---------------------- here in Wikipedia: ___________________ I ran the scan by your program and there were threats that I removed. But I still get these ads! Why do I still get them although I removed the threats by your program?
  12. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.09.04.06
      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16660
      asus :: ASUS1 [administrator]
      Protection: Disabled
      9/6/2013 10:45:24 AM
      mbam-log-2013-09-06 (10-45-24).txt
      Scan type: Full scan (C:\|D:\|E:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 448370
      Time elapsed: 46 minute(s), 31 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\Users\asus\Downloads\SoftonicDownloader_for_malwarebytes-anti-malware.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
      (end)
  13. ComboFix 13-09-04.04 - asus 09/06/2013 10:28:22.2.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6034.4383 [GMT 3:00] Running from: C:\Users\asus\Desktop\ComboFix.exe Command switches used :: C:\Users\asus\Desktop\CFScript.txt AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) c:\program files (x86)\Conduit c:\program files (x86)\Conduit\Community Alerts\Alert.dll c:\program files (x86)\Maxthon c:\program files (x86)\Maxthon\Addons\Avatarext\MxAvatarExt.dll c:\program files (x86)\Maxthon\Addons\CloudsSvc\MxCloudsSvc.dat c:\program files (x86)\Maxthon\Addons\CloudsSvc\MxCloudsSvc.dll c:\program files (x86)\Maxthon\Addons\ExtTools\MxExtTools.dat c:\program files (x86)\Maxthon\Addons\ExtTools\MxExtTools.dll c:\program files (x86)\Maxthon\Addons\Misc\MxAddonMisc.dat c:\program files (x86)\Maxthon\Addons\Misc\MxAddonMisc.dll c:\program files (x86)\Maxthon\Addons\Mobile\android\Adb.exe c:\program files (x86)\Maxthon\Addons\Mobile\android\AdbWinApi.dll c:\program files (x86)\Maxthon\Addons\Mobile\android\AdbWinUsbApi.dll c:\program files (x86)\Maxthon\Addons\Mobile\MxMobile.dat c:\program files (x86)\Maxthon\Addons\Mobile\MxMobile.dll c:\program files (x86)\Maxthon\Addons\MsgPush\MxMsgPush.dll c:\program files (x86)\Maxthon\Addons\TabsSync\MxTabsSync.dll c:\program files (x86)\Maxthon\Addons\Ueip\MxUeip.dll c:\program files (x86)\Maxthon\Bin\default.dat c:\program files 
(x86)\Maxthon\Bin\Maxthon.dll c:\program files (x86)\Maxthon\Bin\Maxthon.exe c:\program files (x86)\Maxthon\Bin\Maxzlib.dll c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcm90.dll c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcp90.dll c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcr90.dll c:\program files (x86)\Maxthon\Bin\Mx3UnInstall.exe c:\program files (x86)\Maxthon\Bin\MxAccountSvc.dll c:\program files (x86)\Maxthon\Bin\MxAddonsMgr.dll c:\program files (x86)\Maxthon\Bin\MxApp.dll c:\program files (x86)\Maxthon\Bin\MxAppFrame.dll c:\program files (x86)\Maxthon\Bin\MxAppLoader.exe c:\program files (x86)\Maxthon\Bin\MxCore.dll c:\program files (x86)\Maxthon\Bin\MxCoreMan.dll c:\program files (x86)\Maxthon\Bin\MxCrashCatch.dll c:\program files (x86)\Maxthon\Bin\MxCrashReport.exe c:\program files (x86)\Maxthon\Bin\MxDb.dll c:\program files (x86)\Maxthon\Bin\MxDownloader.dll c:\program files (x86)\Maxthon\Bin\MxEncode.dll c:\program files (x86)\Maxthon\Bin\MxFilePackage.dll c:\program files (x86)\Maxthon\Bin\MxFileSync.dll c:\program files (x86)\Maxthon\Bin\MxHttpRq.dll c:\program files (x86)\Maxthon\Bin\MxIPC.dll c:\program files (x86)\Maxthon\Bin\MxMsg.dll c:\program files (x86)\Maxthon\Bin\MxResMgr.dll c:\program files (x86)\Maxthon\Bin\MxRsc.dll c:\program files (x86)\Maxthon\Bin\MxSvTrace.dll c:\program files (x86)\Maxthon\Bin\MxTool.dll c:\program files (x86)\Maxthon\Bin\MxUI.dll c:\program files (x86)\Maxthon\Bin\MxUp.exe c:\program files (x86)\Maxthon\Bin\mxver.db c:\program files (x86)\Maxthon\Bin\MxWKView.dll c:\program files (x86)\Maxthon\Bin\MxXDR.dll c:\program files (x86)\Maxthon\Bin\page.dat c:\program files (x86)\Maxthon\Bin\ui.dat c:\program files (x86)\Maxthon\Core\Trident\MxTrident.dll c:\program files (x86)\Maxthon\Core\Webkit\avcodec-54.dll c:\program files (x86)\Maxthon\Core\Webkit\avformat-54.dll c:\program files 
(x86)\Maxthon\Core\Webkit\avutil-51.dll c:\program files (x86)\Maxthon\Core\Webkit\D3DCompiler_43.dll c:\program files (x86)\Maxthon\Core\Webkit\d3dx9_43.dll c:\program files (x86)\Maxthon\Core\Webkit\libEGL.dll c:\program files (x86)\Maxthon\Core\Webkit\libGLESv2.dll c:\program files (x86)\Maxthon\Core\Webkit\MxHwDec.dll c:\program files (x86)\Maxthon\Core\Webkit\MxNPPluginsFile.xml c:\program files (x86)\Maxthon\Core\Webkit\MxWebkit.dll c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\np-mswmp.dll c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\npaliedit.dll c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\NPCMBEdit.dll c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll c:\program files (x86)\Maxthon\Language\ar-bh.ini c:\program files (x86)\Maxthon\Language\ar-sa.ini c:\program files (x86)\Maxthon\Language\ar-ye.ini c:\program files (x86)\Maxthon\Language\be-by.ini c:\program files (x86)\Maxthon\Language\bg-bg.ini c:\program files (x86)\Maxthon\Language\bn-in.ini c:\program files (x86)\Maxthon\Language\ca-es.ini c:\program files (x86)\Maxthon\Language\cs-cz.ini c:\program files (x86)\Maxthon\Language\de-de.ini c:\program files (x86)\Maxthon\Language\el-gr.ini c:\program files (x86)\Maxthon\Language\en.ini c:\program files (x86)\Maxthon\Language\es-ar.ini c:\program files (x86)\Maxthon\Language\es-es.ini c:\program files (x86)\Maxthon\Language\es-mx.ini c:\program files (x86)\Maxthon\Language\et-ee.ini c:\program files (x86)\Maxthon\Language\fa-ir.ini c:\program files (x86)\Maxthon\Language\fi-fi.ini c:\program files (x86)\Maxthon\Language\fr-fr.ini c:\program files (x86)\Maxthon\Language\he-il.ini c:\program files (x86)\Maxthon\Language\hi-in.ini c:\program files (x86)\Maxthon\Language\hu-hu.ini c:\program files (x86)\Maxthon\Language\id-id.ini c:\program files (x86)\Maxthon\Language\it-it.ini c:\program files (x86)\Maxthon\Language\ja-jp.ini c:\program files (x86)\Maxthon\Language\ka-ge.ini c:\program files 
(x86)\Maxthon\Language\ko-kr.ini c:\program files (x86)\Maxthon\Language\license_en.txt c:\program files (x86)\Maxthon\Language\license_zh-cn.txt c:\program files (x86)\Maxthon\Language\ml-in.ini c:\program files (x86)\Maxthon\Language\mn-cyrl-mn.ini c:\program files (x86)\Maxthon\Language\nb-no.ini c:\program files (x86)\Maxthon\Language\nl-nl.ini c:\program files (x86)\Maxthon\Language\pl-pl.ini c:\program files (x86)\Maxthon\Language\pt-br.ini c:\program files (x86)\Maxthon\Language\pt-pt.ini c:\program files (x86)\Maxthon\Language\ro-ro.ini c:\program files (x86)\Maxthon\Language\ru-ru.ini c:\program files (x86)\Maxthon\Language\sk-sk.ini c:\program files (x86)\Maxthon\Language\sr-cyrl-cs.ini c:\program files (x86)\Maxthon\Language\sv-se.ini c:\program files (x86)\Maxthon\Language\ta-in.ini c:\program files (x86)\Maxthon\Language\th-th.ini c:\program files (x86)\Maxthon\Language\tr-tr.ini c:\program files (x86)\Maxthon\Language\uk-ua.ini c:\program files (x86)\Maxthon\Language\vi-vn.ini c:\program files (x86)\Maxthon\Language\zh-cn.ini c:\program files (x86)\Maxthon\Language\zh-tw.ini c:\program files (x86)\Maxthon\Modules\MxCaptureScreen3\MxCaptureScreen3.dll c:\program files (x86)\Maxthon\Modules\MxCmpUrl\MxCmpUrl.dll c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-bh.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-sa.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-ye.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\be-by.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\bg-bg.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\bn-in.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ca-es.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\cs-cz.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\de-de.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\el-gr.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\en.ini c:\program files 
(x86)\Maxthon\Modules\MxDock\language\es-ar.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\es-es.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\es-mx.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\et-ee.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\fa-ir.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\fi-fi.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\fr-fr.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\he-il.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\hi-in.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\hu-hu.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\id-id.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\it-it.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ja-jp.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ka-ge.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ko-kr.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ml-in.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\mn-cyrl-mn.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\nb-no.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\nl-nl.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\pl-pl.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\pt-br.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\pt-pt.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ro-ro.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ru-ru.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\sk-sk.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\sr-cyrl-cs.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\sv-se.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\ta-in.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\th-th.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\tr-tr.ini c:\program files 
(x86)\Maxthon\Modules\MxDock\language\uk-ua.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\vi-vn.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\zh-cn.ini c:\program files (x86)\Maxthon\Modules\MxDock\language\zh-tw.ini c:\program files (x86)\Maxthon\Modules\MxDock\MxDock.exe c:\program files (x86)\Maxthon\Modules\MxDock\res_en.dll c:\program files (x86)\Maxthon\Modules\MxDock\res_zh-cn.dll c:\program files (x86)\Maxthon\Modules\MxDock\Sound.WAV c:\program files (x86)\Maxthon\Modules\MxFavDb\MxFav.dll c:\program files (x86)\Maxthon\Modules\MxFavDb\MxFavDb.dll c:\program files (x86)\Maxthon\Modules\MxHistory\MxHistory.dll c:\program files (x86)\Maxthon\Modules\MxMultiSearch\MxMultiSearch.dll c:\program files (x86)\Maxthon\Modules\MxMute\MxMute.dll c:\program files (x86)\Maxthon\Modules\MxPicLib\MxPicLib.dll c:\program files (x86)\Maxthon\Modules\MxPrint\MxPrint.dll c:\program files (x86)\Maxthon\Modules\MxQRGen\MxQRGen.dll c:\program files (x86)\Maxthon\Modules\MxSandBox\MxSec.dll c:\program files (x86)\Maxthon\Modules\MxSiteIcon\MxSiteIcon.dll c:\program files (x86)\Maxthon\Modules\MxSmartUrl\MxSmartUrl.dll c:\program files (x86)\Maxthon\Modules\MxStorage\MxStorage.dll c:\program files (x86)\Maxthon\Modules\MxSvInfo\MxSvInfo.dll c:\program files (x86)\Maxthon\Modules\MxSync\MxSync.dll c:\program files (x86)\Maxthon\Modules\MxUrlSec\MxUrlSec.dll c:\program files (x86)\Nation Toolbar c:\program files (x86)\Nation Toolbar\Chrome.zip c:\program files (x86)\Nation Toolbar\chrome_search.exe c:\program files (x86)\Nation Toolbar\inst.txt c:\program files (x86)\Nation Toolbar\sheller.exe c:\program files (x86)\Nation Toolbar\tab.zip c:\program files (x86)\Nation Toolbar\tabinst.txt c:\program files (x86)\Nation Toolbar\tbcore3.dll c:\program files (x86)\Nation Toolbar\tbid.txt c:\program files (x86)\Nation Toolbar\tbunsr278F.tmp\tbcore3.dll ((((((((((((((((((((((((( Files Created from 2013-08-06 to 2013-09-06 ))))))))))))))))))))))))))))))) 
2013-09-06 07:36:05 . 2013-09-06 07:36:05 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-09-06 03:02:36 . 2013-09-06 03:04:08 -------- d-----w- C:\Users\Guest 2013-09-06 00:39:14 . 2013-09-06 00:39:17 -------- d-----w- C:\Windows\ServiceProfiles\LocalService\winhttp 2013-09-05 15:40:06 . 2013-09-05 15:40:06 -------- d-----w- C:\ProgramData\hsswpr 2013-09-05 02:01:11 . 2013-09-05 02:01:11 -------- d-----w- C:\ProgramData\TamoSoft 2013-09-05 02:01:02 . 2013-09-05 02:01:13 -------- d-----w- C:\Program Files (x86)\SmartWhois 2013-09-05 01:21:27 . 2013-09-05 01:24:20 -------- d-----w- C:\Program Files\CCleaner 2013-09-05 00:49:05 . 2013-09-05 01:27:30 -------- d-----w- C:\ProgramData\AntiSpyInfo 2013-09-05 00:28:07 . 2013-09-05 00:33:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-09-05 00:27:18 . 2013-09-05 01:28:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-09-04 16:08:19 . 2013-09-04 16:08:19 -------- d-----w- C:\ProgramData\Malwarebytes 2013-09-04 16:08:17 . 2013-09-04 16:08:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-04 16:08:17 . 2013-04-04 11:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys 2013-09-04 15:59:16 . 2013-09-04 15:59:16 270512 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin 2013-09-04 02:45:12 . 2013-09-04 02:45:12 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\es-ES 2013-09-04 02:45:12 . 2013-09-04 02:45:12 -------- d-----w- C:\Windows\SysWow64\0C0A 2013-09-04 02:44:16 . 2013-09-04 02:44:16 -------- d-----w- C:\Windows\system32\0C0A 2013-08-30 05:04:17 . 2013-08-30 05:04:17 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith 2013-08-30 05:04:16 . 2013-08-30 05:04:16 -------- d-----w- C:\Program Files (x86)\QuickTime 2013-08-30 05:04:07 . 2013-08-30 05:04:07 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2013-08-30 05:03:53 . 
2013-08-30 05:03:53 -------- d-----w- C:\ProgramData\TechSmith
2013-08-30 05:03:53 . 2013-08-30 05:03:53 -------- d-----w- C:\Program Files (x86)\TechSmith
2013-08-24 01:28:12 . 2013-08-24 01:28:39 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2013-08-24 01:13:50 . 2013-08-24 01:13:50 -------- d-----w- C:\Makena
2013-08-24 01:13:38 . 2008-10-15 03:22:52 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2013-08-22 12:37:33 . 2013-09-04 02:42:26 -------- d-----w- C:\sources
2013-08-18 02:12:46 . 2012-10-12 06:13:32 109568 ----a-w- C:\Windows\system32\dskquota.dll
2013-08-18 02:12:45 . 2012-10-12 05:39:54 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
2013-08-18 02:12:34 . 2012-10-24 04:54:04 396008 ----a-w- C:\Windows\system32\hal.dll
2013-08-18 02:12:30 . 2012-10-17 04:32:52 1172992 ----a-w- C:\Windows\system32\mfnetsrc.dll
2013-08-18 02:12:30 . 2012-10-17 04:32:51 677888 ----a-w- C:\Windows\system32\mfnetcore.dll
2013-08-18 02:12:30 . 2012-10-17 04:32:51 673280 ----a-w- C:\Windows\system32\mfmpeg2srcsnk.dll
2013-08-18 02:12:30 . 2012-10-17 03:57:37 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2013-08-18 02:12:30 . 2012-10-17 03:57:37 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2013-08-18 02:12:30 . 2012-10-17 03:57:37 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-08-18 02:12:03 . 2012-10-11 05:45:52 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-08-18 02:12:01 . 2012-10-11 05:46:07 1395712 ----a-w- C:\Windows\system32\Windows.UI.Immersive.dll
2013-08-18 02:10:59 . 2013-06-16 22:41:31 997632 ----a-w- C:\Windows\system32\drivers\ndis.sys
2013-08-18 02:09:59 . 2012-11-06 04:00:44 99328 ----a-w- C:\Windows\system32\wushareduxresources.dll
2013-08-18 02:08:58 . 2012-12-04 04:21:42 368640 ----a-w- C:\Windows\system32\sppwinob.dll
2013-08-18 02:08:12 . 2013-06-21 05:04:24 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-18 02:08:11 . 2013-06-21 04:46:18 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-18 01:34:58 . 2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
2013-08-18 01:31:30 . 2013-08-18 01:31:30 -------- d-----w- C:\ProgramData\Sony
2013-08-18 01:31:30 . 2013-08-18 01:31:30 -------- d-----w- C:\Program Files\Sony
2013-08-18 01:31:30 . 2013-08-18 01:31:30 -------- d-----w- C:\Program Files (x86)\Sony
2013-08-18 01:30:44 . 2012-08-31 00:53:55 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-08-18 01:29:13 . 2012-08-31 00:52:59 17888 ----a-w- C:\Windows\system32\msvcr100_clr0400.dll
2013-08-18 01:26:59 . 2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\system32\schedsvc.dll
2013-08-18 01:13:37 . 2013-08-18 01:13:54 -------- d-----w- C:\Program Files\WinRAR
2013-08-15 03:44:58 . 2013-08-15 03:45:56 -------- d-----w- C:\Windows\system32\MRT
2013-08-15 03:42:34 . 2013-08-15 03:42:34 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2013-08-15 02:09:14 . 2013-03-06 07:10:10 112872 ----a-w- C:\Windows\system32\consent.exe
2013-08-15 02:09:14 . 2013-03-06 06:31:28 19758592 ----a-w- C:\Windows\system32\shell32.dll
2013-08-15 02:09:14 . 2013-03-06 06:31:26 222208 ----a-w- C:\Windows\system32\shdocvw.dll
2013-08-15 02:09:14 . 2013-03-06 06:29:15 70144 ----a-w- C:\Windows\system32\appinfo.dll
2013-08-15 02:08:00 . 2012-11-07 23:04:04 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-08-15 02:08:00 . 2012-11-07 23:04:00 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-08-14 05:13:48 . 2013-08-14 05:13:48 -------- d-----w- C:\Windows\PCHEALTH
2013-08-14 05:10:33 . 2013-08-14 05:10:33 -------- d-----w- C:\Program Files\Microsoft Office
2013-08-14 05:10:29 . 2013-08-14 05:10:29 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-08-14 05:10:05 . 2013-08-14 05:10:05 -------- d-----r- C:\MSOCache
2013-08-14 05:04:38 . 2013-08-15 03:58:58 -------- d-----w- C:\ProgramData\Microsoft Help
2013-08-14 01:27:55 . 2013-05-23 23:02:30 1314816 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-08-14 01:25:21 . 2013-07-13 06:18:21 337408 ----a-w- C:\Windows\system32\wintrust.dll
2013-08-14 01:25:21 . 2013-07-13 06:16:06 68096 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-08-14 01:25:21 . 2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\system32\crypt32.dll
2013-08-14 01:25:21 . 2013-07-13 06:15:53 124416 ----a-w- C:\Windows\system32\apprepapi.dll
2013-08-14 01:25:21 . 2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 01:25:21 . 2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 01:25:21 . 2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-08-14 01:25:20 . 2013-07-13 06:15:53 98304 ----a-w- C:\Windows\system32\apprepsync.dll
2013-08-14 01:25:20 . 2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-08-13 15:15:16 . 2013-08-13 15:15:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-08-13 15:13:23 . 2011-03-02 10:43:46 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-08-13 15:13:22 . 2011-08-22 08:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-08-13 15:13:22 . 2011-07-16 14:17:06 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2013-08-13 15:13:22 . 2011-06-24 14:44:30 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-08-13 15:13:22 . 2011-06-24 14:28:22 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-08-13 15:13:22 . 2010-11-03 18:08:48 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2013-08-13 15:13:22 . 2008-09-24 18:41:12 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2013-08-13 15:13:21 . 2013-08-13 15:13:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-08-13 14:57:01 . 2013-08-13 14:57:01 -------- d-----w- C:\Windows\SysWow64\drivers\ar-SA
2013-08-13 14:56:33 . 2013-08-13 14:56:35 -------- d-----w- C:\Windows\SysWow64\wbem\ar-SA
2013-08-13 14:56:26 . 2013-08-13 14:56:26 -------- d-----w- C:\Windows\ar-SA
2013-08-13 14:56:24 . 2013-08-13 14:56:25 -------- d-----w- C:\Windows\system32\drivers\ar-SA
2013-08-13 14:56:24 . 2013-08-13 14:56:24 -------- d-----w- C:\Windows\system32\ar
2013-08-13 14:55:35 . 2013-08-13 14:55:41 -------- d-----w- C:\Windows\system32\wbem\ar-SA
2013-08-13 14:43:45 . 2013-08-13 14:43:45 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-13 14:43:40 . 2013-08-13 14:43:40 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-12 20:33:39 . 2013-05-15 02:25:59 888320 ----a-w- C:\Windows\system32\autochk.exe
2013-08-12 20:33:39 . 2013-05-15 02:25:44 542208 ----a-w- C:\Windows\system32\untfs.dll
2013-08-12 20:33:39 . 2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-08-12 20:33:39 . 2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-08-12 20:33:37 . 2013-05-30 23:24:29 1257472 ----a-w- C:\Windows\system32\kernel32.dll
2013-08-12 20:33:33 . 2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\system32\gdi32.dll
2013-08-12 20:33:33 . 2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-08-12 20:31:10 . 2013-04-10 22:35:00 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-08-12 20:31:10 . 2013-04-10 22:35:00 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-12 20:31:09 . 2013-04-10 22:35:09 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-12 20:31:09 . 2013-04-10 22:35:00 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-12 20:31:08 . 2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2013-08-12 20:31:08 . 2013-04-11 04:12:06 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-08-12 20:31:08 . 2013-04-11 04:12:04 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-08-12 20:31:08 . 2013-04-10 22:35:00 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-12 20:31:07 . 2013-01-10 01:40:38 303848 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-08-12 20:29:57 . 2013-02-02 08:23:30 830464 ----a-w- C:\Windows\system32\wbem\WmiPrvSD.dll
2013-08-12 20:28:15 . 2013-04-27 05:20:12 733184 ----a-w- C:\Windows\system32\win32spl.dll
2013-08-12 19:39:12 . 2013-05-03 00:11:42 64856 ----a-w- C:\Windows\system32\klfphc.dll
2013-08-12 19:38:40 . 2013-09-06 04:39:18 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-08-12 19:38:40 . 2013-08-12 19:38:40 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-08-12 19:38:27 . 2013-05-03 00:11:42 90208 ----a-w- C:\Windows\system32\drivers\klflt.sys
2013-08-12 19:38:27 . 2013-05-03 00:11:42 619616 ----a-w- C:\Windows\system32\drivers\klif.sys
2013-08-12 19:32:11 . 2013-08-12 19:32:12 -------- d-----w- C:\Program Files\Classic Shell
2013-08-12 19:25:34 . 2013-08-12 19:25:49 -------- d-----w- C:\Program Files (x86)\Google
2013-08-12 19:16:56 . 2013-09-04 15:43:31 -------- d-----w- C:\Users\asus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-08-14 01:22:44 . 2012-07-26 08:13:01 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-27 22:04:51 . 2012-07-26 08:14:35 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 . 2012-07-26 08:14:35 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-21 01:09:44 . 2013-06-21 01:09:44 42184 ----a-w- C:\Windows\system32\drivers\taphss6.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\asus\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-30 04:11:59 1130576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 04:02:24 35736]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 04:02:22 932288]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 02:34:30 91432]
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 01:09:32 3417984]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 14:32:50 253816]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe" [2013-05-03 00:11:44 24504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R0 klelam;klelam;C:\Windows\system32\DRIVERS\klelam.sys;C:\Windows\SYSNATIVE\DRIVERS\klelam.sys [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys;C:\Windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys;C:\Windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\system32\DRIVERS\taphss6.sys;C:\Windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\system32\DRIVERS\WUDFRd.sys;C:\Windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys;C:\Windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klwfp;klwfp;C:\Windows\system32\DRIVERS\klwfp.sys;C:\Windows\SYSNATIVE\DRIVERS\klwfp.sys [x]
S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys;C:\Windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AMPPAL.sys;C:\Windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys;C:\Windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\system32\DRIVERS\BthLEEnum.sys;C:\Windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys;C:\Windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys;C:\Windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\drivers\AsHIDSwitch64.sys;C:\Windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys;C:\Windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys;C:\Windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\system32\DRIVERS\NETwew00.sys;C:\Windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\system32\DRIVERS\Rt630x64.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys;C:\Windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\XHCIPort.sys;C:\Windows\SYSNATIVE\drivers\XHCIPort.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 09:41:41 1177552 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-09-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 05:51:02 . 2013-08-21 05:51:02]
2013-09-06 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26 05:36:01 . 2013-08-26 05:35:59]
2013-09-06 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26 05:36:01 . 2013-08-26 05:35:59]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23:30 1500672 ----a-w- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23:30 1500672 ----a-w- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23:30 1500672 ----a-w- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-10-15 04:10:14 171040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-10-15 04:09:52 399392]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-18 09:42:22 13213328]
"BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2012-07-21 02:16:02 11554176]
------- Supplementary Scan -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: ????? ??? ???? Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-Maxthon3 - C:\Program Files (x86)\Maxthon\Bin\Mx3Uninstall.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
  14. See here again: and I searched for them. They are from China, too