
Autorun.inf virus cannot be deleted with Malwarebytes



Hello, I recently got infected with a virus that makes all the folders in my external hard disk into shortcuts. I have tried many ways to get rid of it, including the CMD prompt and several shortcut virus removers, but the virus comes back after a few seconds. My infected external hard disks have 3 extra files in them called "Recycle.Bin", "System Volume Information" and "recycler"; there's also an autorun.inf file that cannot be deleted. After searching the internet for several days I came across a similar topic on this forum and it recommended the use of ComboFix. I tried it and I was told to put the log in the forum for further assistance.

 

ComboFix 13-08-31.01 - Neoh 01/09/2013  13:49:29.1.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.60.1033.18.3982.2284 [GMT 8:00]
Running from: c:\users\Neoh\Desktop\fix.exe.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))
.
.
2013-08-31 16:32 . 2013-08-31 16:32 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 16:32 . 2013-08-31 16:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 16:32 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 15:24 . 2013-08-31 15:24 -------- d-----w- c:\programdata\IObit
2013-08-31 15:23 . 2013-08-31 15:23 -------- d-----w- c:\program files (x86)\IObit
2013-08-31 09:42 . 2013-08-31 09:42 -------- d-----w- c:\program files\CSL 3.5G Connect
2013-08-30 17:07 . 2013-08-30 17:07 -------- d-----w- C:\3bfda
2013-08-28 12:12 . 2013-08-31 09:29 -------- d-----w- c:\program files\Recuva
2013-08-28 01:58 . 2013-08-28 01:58 -------- d-----w- c:\programdata\NCH Software
2013-08-28 01:57 . 2013-08-28 01:58 -------- d-----w- c:\program files (x86)\NCH Software
2013-08-28 01:11 . 2013-08-31 15:55 -------- d-----w- c:\users\Public\AccountPictures
2013-08-27 18:11 . 2013-08-27 18:11 240304 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-27 13:56 . 2013-08-27 13:56 -------- d-----w- c:\program files\Microsoft Office
2013-08-27 13:56 . 2013-08-27 13:56 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-08-27 13:55 . 2013-08-27 14:03 -------- d-----w- c:\programdata\Microsoft Help
2013-08-27 13:55 . 2013-08-27 13:55 -------- d-----r- C:\MSOCache
2013-08-27 13:32 . 2013-04-03 17:27 5102040 ----a-w- c:\windows\SysWow64\GameMon.des
2013-08-27 13:32 . 2012-01-01 07:33 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
2013-08-27 13:32 . 2003-07-20 00:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-08-27 13:32 . 2013-08-27 13:32 -------- d-----w- c:\program files\Common Files\INCA Shared
2013-08-27 13:31 . 2013-08-27 13:31 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-08-27 13:19 . 2009-05-22 08:02 119552 ----a-w- c:\windows\system32\drivers\bmusbser.sys
2013-08-27 13:19 . 2009-05-22 08:02 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-08-27 13:19 . 2013-08-31 09:31 -------- d-----w- c:\program files (x86)\CSL 3.5G Connect
2013-08-27 12:33 . 2013-08-27 12:33 -------- d-----w- c:\users\Public\CyberLink
2013-08-27 12:33 . 2013-08-27 12:33 -------- d-----w- c:\programdata\CyberLink
2013-08-27 12:27 . 2013-08-27 12:27 -------- d-----w- c:\program files (x86)\PANDORA.TV
2013-08-27 12:27 . 2013-08-27 12:27 -------- d-----w- c:\program files (x86)\The KMPlayer
2013-08-27 10:26 . 2013-08-27 10:27 -------- d-----w- c:\programdata\Yahoo!
2013-08-27 10:25 . 2013-08-27 10:26 -------- d-----w- c:\program files (x86)\Yahoo!
2013-08-27 10:25 . 2013-08-27 10:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-27 10:23 . 2013-08-27 10:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-08-27 10:21 . 2013-08-27 16:25 -------- d-----w- c:\program files (x86)\Google
2013-08-27 10:20 . 2013-08-27 10:20 -------- d-----w- c:\program files\7-Zip
2013-08-27 10:16 . 2013-08-27 10:16 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16 . 2013-08-27 10:16 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-27 10:13 . 2013-08-29 11:57 -------- d-----w- c:\users\Neoh
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-27 10:13 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-18 05:47 . 2013-07-18 05:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-07-18 05:47 . 2013-07-18 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-07-18 05:47 . 2013-07-18 05:47 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2c4e2"="c:\users\Neoh\AppData\Roaming\3a583\2c4e2.js" [X]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-04-24 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\bmusbser.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 10:38 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27 10:32]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 10:21]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 10:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-21 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-21 399832]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-24 13535304]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-04-24 1307720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{CAC55C7A-405F-466D-88B0-6F509E667897}: NameServer = 203.82.64.129 203.82.64.145
FF - ProfilePath - c:\users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-01  13:54:33
ComboFix-quarantined-files.txt  2013-09-01 05:54
.
Pre-Run: 177,808,629,760 bytes free
Post-Run: 178,035,535,872 bytes free
.
- - End Of File - - 86F7EDCA065BFBA6677F0719A4A74683
5FB38429D5D77768867C76DCBDB35194
 
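The post above describes the three indicators of this family: an autorun.inf at the drive root that resists deletion, original folders hidden with a same-named .lnk placed beside them, and (as the ComboFix log shows) a per-user Run value and a Startup entry that launch a .js file. The following read-only triage script is an added example written for this thread; it is not part of the original post and not code from Malwarebytes, ComboFix or FRST. It assumes the external disk is mounted as E:\ (change the parameter) and PowerShell 3 or later; it only reports what it finds and deletes nothing.

```powershell
# Added example: report the autorun/shortcut-virus indicators described in the
# thread. Read-only; the drive letter below is an assumption.
param(
    [string]$DriveRoot = 'E:\'   # assumed drive letter of the external disk
)

$findings = New-Object 'System.Collections.Generic.List[object]'
$scriptExt = '\.(js|jse|vbs|vbe|wsf)\b'

# 1. autorun.inf at the root. Hidden+System+ReadOnly attributes on it are the
#    usual reason it "cannot be deleted" from Explorer.
$autorun = Join-Path $DriveRoot 'autorun.inf'
if (Test-Path -LiteralPath $autorun) {
    $item = Get-Item -LiteralPath $autorun -Force
    $findings.Add([pscustomobject]@{
        Kind = 'autorun.inf'; Path = $autorun; Detail = "attributes: $($item.Attributes)"
    })
    # Show which file the autorun directives point at, without executing anything.
    Get-Content -LiteralPath $autorun -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Kind = 'autorun.inf directive'; Path = $autorun; Detail = $_.Trim()
            })
        }
}

# 2. Folder-to-shortcut pattern: the original folder is still present but
#    hidden, and a <FolderName>.lnk sits next to it at the root.
Get-ChildItem -LiteralPath $DriveRoot -Force -Directory -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
    ForEach-Object {
        $lnk = Join-Path $DriveRoot ($_.Name + '.lnk')
        if (Test-Path -LiteralPath $lnk) {
            $shell = New-Object -ComObject WScript.Shell
            $sc = $shell.CreateShortcut($lnk)      # parses the .lnk, does not run it
            $findings.Add([pscustomobject]@{
                Kind   = 'hidden folder + shortcut'
                Path   = $lnk
                Detail = "target: $($sc.TargetPath) $($sc.Arguments)"
            })
        }
    }

# 3. Per-user persistence that launches a script file (the HKCU Run value and
#    the Startup-folder .js in the logs above have exactly this shape).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata
        if ("$($p.Value)" -match $scriptExt) {
            $findings.Add([pscustomobject]@{
                Kind = 'HKCU Run script'; Path = $p.Name; Detail = $p.Value
            })
        }
    }
}
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match "$scriptExt$" } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{
            Kind = 'Startup script'; Path = $_.FullName; Detail = "$($_.Length) bytes"
        })
    }

if ($findings.Count -eq 0) { 'No autorun/shortcut indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell with the infected disk attached; while the Run-key script is still executing it will recreate the files you remove, so the useful output here is the .lnk target and the Run value, which tell you which process to stop and what the helper should be asked to clean, not a cleanup by itself.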

  • Root Admin

I notice that you're running IObit Malware Fighter

 

The company behind this product was found to be stealing our database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.



  • Root Admin

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04

Ran by Neoh (administrator) on USER on 02-09-2013 16:47:10

Running from C:\Users\Neoh\Desktop

Windows 8 Single Language (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Windows\system32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\WScript.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

() C:\Program Files\CSL 3.5G Connect\WirelessModem.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Neoh\Desktop\Far.exe.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-04-24] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)

HKLM\...\Policies\Explorer: [NoDrives] 0

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-11] (Yahoo! Inc.)

HKCU\...\Run: [2c4e2] - C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js [47534 2013-09-02] ()

HKCU\...\Policies\Explorer: [NoDrives] 0

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-24] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)

Startup: C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7f0c7.js ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\..\Interfaces\{CAC55C7A-405F-466D-88B0-6F509E667897}: [NameServer]203.82.64.145 203.82.64.129

 

FireFox:

========

FF ProfilePath: C:\Users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

 

Chrome: 

=======


CHR RestoreOnStartup: "https://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Extension: (Google Docs) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

==================== Services (Whitelisted) =================

 

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-29] (Qualcomm Atheros Commnucations)

R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-06] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-06] (Intel Corporation)

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5102040 2013-04-04] (INCA Internet Co., Ltd.)

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-24] (Microsoft Corporation)

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-29] (Atheros)

 

==================== Drivers (Whitelisted) ====================

 

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-07] (ASUS Corporation)

R3 bmusbser; C:\Windows\system32\DRIVERS\bmusbser.sys [119552 2009-05-22] (BM)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-29] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)

S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )

R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)

R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)

S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)

S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-24] (Microsoft Corporation)

S3 catchme; \??\C:\fix.exe\catchme.sys [x]

U0 msahci; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-02 16:45 - 2013-09-02 16:45 - 01085803 _____ (Farbar) C:\Users\Neoh\Desktop\FRST.exe

2013-09-02 16:43 - 2013-09-02 16:43 - 01951950 _____ (Farbar) C:\Users\Neoh\Desktop\Far.exe.exe

2013-09-02 16:41 - 2013-09-02 16:41 - 00018534 _____ C:\Users\Neoh\Desktop\combofix.txt

2013-09-02 16:40 - 2013-09-02 16:40 - 00018534 _____ C:\ComboFix.txt

2013-09-02 12:06 - 2013-05-02 23:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64-7800.exe

2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64.exe

2013-09-01 21:12 - 2013-09-01 21:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\run.com.exe

2013-09-01 13:48 - 2013-09-02 16:40 - 00000000 ____D C:\Qoobox

2013-09-01 13:48 - 2013-09-01 13:53 - 00000000 ____D C:\Windows\erdnt

2013-09-01 13:48 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe

2013-09-01 13:48 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe

2013-09-01 13:48 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe

2013-09-01 13:48 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe

2013-09-01 13:30 - 2013-09-02 16:34 - 05116805 ____R (Swearware) C:\Users\Neoh\Desktop\fix.exe.exe

2013-09-01 00:52 - 2013-09-01 09:40 - 00000029 _____ C:\Users\Neoh\AppData\Roaming\mbam.context.scan

2013-09-01 00:33 - 2013-09-01 00:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Malwarebytes

2013-09-01 00:32 - 2013-09-02 01:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-01 00:32 - 2013-09-01 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-31 23:24 - 2013-08-31 23:24 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk

2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\IObit

2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\ProgramData\IObit

2013-08-31 23:23 - 2013-08-31 23:23 - 00000000 ____D C:\Program Files (x86)\IObit

2013-08-31 17:57 - 2013-08-31 17:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-31 17:42 - 2013-09-01 01:41 - 00000615 _____ C:\Users\Public\Desktop\CSL 3.5G Connect.lnk

2013-08-31 17:42 - 2013-08-31 17:42 - 00000000 ____D C:\Program Files\CSL 3.5G Connect

2013-08-31 17:23 - 2013-08-31 17:24 - 00806717 _____ C:\Users\Neoh\Downloads\Shortcut Virus Remover v3.1.exe

2013-08-31 17:21 - 2013-08-31 17:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\winlogon.exe.exe

2013-08-31 16:10 - 2013-09-01 01:47 - 00340354 _____ C:\Users\Neoh\AppData\Roaming\ICARE_ACTIVITY.LOG

2013-08-31 16:09 - 2013-09-01 09:20 - 04613956 _____ C:\Users\Neoh\AppData\Roaming\ICARE.LOG

2013-08-31 16:08 - 2013-08-31 16:08 - 00017028 _____ C:\Users\Neoh\Downloads\AutoRunExterminator-1.8.zip

2013-08-31 15:46 - 2013-08-31 23:49 - 00000000 ____D C:\Users\Neoh\Desktop\New folder

2013-08-31 02:12 - 2013-08-31 02:12 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Media Player Classic

2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\Users\Neoh\AppData\Roaming\3a583

2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\3bfda

2013-08-30 23:11 - 2013-08-30 23:11 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NVIDIA

2013-08-28 20:12 - 2013-08-31 17:29 - 00000000 ____D C:\Program Files\Recuva

2013-08-28 20:12 - 2013-08-31 15:50 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-08-28 09:58 - 2013-08-28 10:46 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2013-08-28 09:58 - 2013-08-28 09:58 - 00000000 ____D C:\ProgramData\NCH Software

2013-08-28 09:57 - 2013-08-28 09:58 - 00000000 ____D C:\Program Files (x86)\NCH Software

2013-08-28 09:57 - 2013-08-28 09:57 - 03292760 _____ (NCH Software) C:\Users\Neoh\Downloads\vpsetup.exe

2013-08-28 09:57 - 2013-08-28 09:57 - 00001136 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk

2013-08-28 09:57 - 2013-08-28 09:57 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NCH Software

2013-08-28 02:03 - 2013-08-28 02:03 - 00000310 _____ C:\Windows\AutoKMS.log

2013-08-28 00:27 - 2013-08-31 23:54 - 00000000 ____D C:\Users\Neoh\Google Drive

2013-08-28 00:27 - 2013-08-28 00:27 - 00001658 _____ C:\Users\Neoh\Desktop\Google Drive.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk

2013-08-28 00:18 - 2013-08-28 00:18 - 00784832 _____ (Google Inc.) C:\Users\Neoh\Downloads\googledrivesync.exe

2013-08-27 22:27 - 2013-09-01 19:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-458189604-2422199037-1606706877-1002

2013-08-27 22:27 - 2013-08-27 22:27 - 00000184 _____ C:\Windows\AutoKMS.ini

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Users\Neoh\AppData\Local\Microsoft Help

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files\Microsoft Office

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2013-08-27 21:55 - 2013-08-27 22:03 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-27 21:55 - 2013-08-27 22:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-08-27 21:55 - 2013-08-27 21:55 - 00000000 ___RD C:\MSOCache

2013-08-27 21:35 - 2013-08-31 01:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\CrashDumps

2013-08-27 21:32 - 2013-08-27 21:32 - 00000000 ____D C:\Program Files\Common Files\INCA Shared

2013-08-27 21:32 - 2013-04-04 01:27 - 05102040 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des

2013-08-27 21:32 - 2012-01-01 15:33 - 00004774 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys

2013-08-27 21:32 - 2003-07-20 08:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd

2013-08-27 21:31 - 2013-08-27 21:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack

2013-08-27 21:27 - 2013-08-27 21:28 - 09283128 _____ (CCCP Project                                                ) C:\Users\Neoh\Downloads\Combined-Community-Codec-Pack-2013-08-01.exe

2013-08-27 21:22 - 2013-08-27 21:22 - 00001062 _____ C:\Users\Neoh\Desktop\GUpdate_SINGAPORE - Shortcut.lnk

2013-08-27 21:20 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\Adobe

2013-08-27 21:19 - 2013-08-31 17:31 - 00000000 ____D C:\Program Files (x86)\CSL 3.5G Connect

2013-08-27 21:19 - 2009-05-22 16:02 - 00119552 _____ (BM) C:\Windows\system32\Drivers\bmusbser.sys

2013-08-27 21:19 - 2009-05-22 16:02 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Public\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\Documents\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Local\Cyberlink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\ProgramData\CyberLink

2013-08-27 20:27 - 2013-08-27 20:27 - 00001037 _____ C:\Users\Neoh\Desktop\KMPlayer.lnk

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\The KMPlayer

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV

2013-08-27 18:27 - 2013-08-27 18:27 - 00001161 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk

2013-08-27 18:26 - 2013-08-27 18:27 - 00000000 ____D C:\ProgramData\Yahoo!

2013-08-27 18:25 - 2013-08-30 22:16 - 00000000 ____D C:\ProgramData\Adobe

2013-08-27 18:25 - 2013-08-27 18:26 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-08-27 18:25 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-08-27 18:24 - 2013-09-02 16:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-27 18:24 - 2013-08-27 18:32 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-27 18:23 - 2013-08-27 18:23 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Local\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\ProgramData\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-27 18:22 - 2013-08-30 18:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-27 18:21 - 2013-09-02 16:37 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-27 18:21 - 2013-09-02 11:20 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-27 18:21 - 2013-08-28 00:25 - 00000000 ____D C:\Users\Neoh\AppData\Local\Google

2013-08-27 18:21 - 2013-08-28 00:25 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-27 18:21 - 2013-08-27 18:32 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-08-27 18:21 - 2013-08-27 18:32 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-08-27 18:20 - 2013-08-27 18:20 - 00000000 ____D C:\Program Files\7-Zip

2013-08-27 18:19 - 2013-08-27 18:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2013-08-27 18:17 - 2013-08-27 18:17 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Macromedia

2013-08-27 18:16 - 2013-09-02 16:00 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-27 18:16 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-08-27 18:16 - 2013-08-28 11:26 - 00000000 ____D C:\Users\Neoh\Documents\Bluetooth Folder

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Atheros

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\ASUS WebStorage

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Local\BMExplorer

2013-08-27 18:15 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Adobe

2013-08-27 18:15 - 2013-08-27 18:15 - 00001432 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-08-27 18:14 - 2013-09-02 11:20 - 00000074 _____ C:\Users\Neoh\AppData\Roaming\sp_data.sys

2013-08-27 18:14 - 2013-08-27 18:14 - 00000192 _____ C:\Windows\FixPatch.log

2013-08-27 18:13 - 2013-09-01 01:48 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-08-27 18:13 - 2013-09-01 01:48 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-08-27 18:13 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-08-27 18:13 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-08-27 18:13 - 2013-08-29 19:57 - 00000000 ____D C:\Users\Neoh

2013-08-27 18:13 - 2013-08-27 20:07 - 00000000 ____D C:\Users\Neoh\AppData\Local\VirtualStore

2013-08-27 18:13 - 2013-08-27 18:15 - 00000000 ____D C:\Users\Neoh\AppData\Local\Packages

2013-08-27 18:13 - 2013-08-27 18:14 - 00000000 ____D C:\Users\Neoh\AppData\Local\ASUS

2013-08-27 18:13 - 2013-08-27 18:13 - 00000020 ___SH C:\Users\Neoh\ntuser.ini

2013-08-27 18:13 - 2013-04-24 12:10 - 00002102 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

 

==================== One Month Modified Files and Folders =======

 

2013-09-02 16:46 - 2013-09-02 16:46 - 00000000 ____D C:\FRST

2013-09-02 16:46 - 2013-07-18 13:28 - 02037451 _____ C:\Windows\WindowsUpdate.log

2013-09-02 16:45 - 2013-09-02 16:45 - 01085803 _____ (Farbar) C:\Users\Neoh\Desktop\FRST.exe

2013-09-02 16:43 - 2013-09-02 16:43 - 01951950 _____ (Farbar) C:\Users\Neoh\Desktop\Far.exe.exe

2013-09-02 16:41 - 2013-09-02 16:41 - 00018534 _____ C:\Users\Neoh\Desktop\combofix.txt

2013-09-02 16:40 - 2013-09-02 16:40 - 00018534 _____ C:\ComboFix.txt

2013-09-02 16:40 - 2013-09-01 13:48 - 00000000 ____D C:\Qoobox

2013-09-02 16:39 - 2012-07-26 13:26 - 00000215 _____ C:\Windows\system.ini

2013-09-02 16:37 - 2013-08-27 18:21 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-02 16:34 - 2013-09-01 13:30 - 05116805 ____R (Swearware) C:\Users\Neoh\Desktop\fix.exe.exe

2013-09-02 16:28 - 2013-08-27 18:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-02 16:00 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-02 16:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru

2013-09-02 11:20 - 2013-08-27 18:21 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-02 11:20 - 2013-08-27 18:14 - 00000074 _____ C:\Users\Neoh\AppData\Roaming\sp_data.sys

2013-09-02 01:00 - 2013-09-01 00:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-02 00:50 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-02 00:41 - 2012-08-02 11:32 - 00021508 _____ C:\Windows\PFRO.log

2013-09-02 00:41 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64-7800.exe

2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64.exe

2013-09-01 21:12 - 2013-09-01 21:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\run.com.exe

2013-09-01 20:23 - 2012-07-26 15:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-01 20:10 - 2012-07-26 15:21 - 00038411 _____ C:\Windows\setupact.log

2013-09-01 19:59 - 2013-08-27 22:27 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-458189604-2422199037-1606706877-1002

2013-09-01 13:54 - 2012-07-26 13:37 - 00000000 __RHD C:\Users\Default

2013-09-01 13:53 - 2013-09-01 13:48 - 00000000 ____D C:\Windows\erdnt

2013-09-01 09:40 - 2013-09-01 00:52 - 00000029 _____ C:\Users\Neoh\AppData\Roaming\mbam.context.scan

2013-09-01 09:20 - 2013-08-31 16:09 - 04613956 _____ C:\Users\Neoh\AppData\Roaming\ICARE.LOG

2013-09-01 01:48 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-09-01 01:48 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-09-01 01:47 - 2013-08-31 16:10 - 00340354 _____ C:\Users\Neoh\AppData\Roaming\ICARE_ACTIVITY.LOG

2013-09-01 01:47 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-01 01:47 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-09-01 01:47 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-09-01 01:41 - 2013-08-31 17:42 - 00000615 _____ C:\Users\Public\Desktop\CSL 3.5G Connect.lnk

2013-09-01 00:33 - 2013-09-01 00:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Malwarebytes

2013-09-01 00:32 - 2013-09-01 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-31 23:54 - 2013-08-28 00:27 - 00000000 ____D C:\Users\Neoh\Google Drive

2013-08-31 23:52 - 2012-07-26 16:12 - 00000000 ____D C:\Users\Public\Libraries

2013-08-31 23:49 - 2013-08-31 15:46 - 00000000 ____D C:\Users\Neoh\Desktop\New folder

2013-08-31 23:31 - 2013-04-24 12:11 - 00000000 ____D C:\ProgramData\McAfee

2013-08-31 23:28 - 2012-07-26 16:12 - 00000000 ___HD C:\Windows\ELAMBKUP

2013-08-31 23:24 - 2013-08-31 23:24 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk

2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\IObit

2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\ProgramData\IObit

2013-08-31 23:23 - 2013-08-31 23:23 - 00000000 ____D C:\Program Files (x86)\IObit

2013-08-31 22:19 - 2013-04-24 12:09 - 07275552 _____ C:\Windows\AsDebug.log

2013-08-31 17:59 - 2013-08-31 17:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-31 17:42 - 2013-08-31 17:42 - 00000000 ____D C:\Program Files\CSL 3.5G Connect

2013-08-31 17:31 - 2013-08-27 21:19 - 00000000 ____D C:\Program Files (x86)\CSL 3.5G Connect

2013-08-31 17:29 - 2013-08-28 20:12 - 00000000 ____D C:\Program Files\Recuva

2013-08-31 17:24 - 2013-08-31 17:23 - 00806717 _____ C:\Users\Neoh\Downloads\Shortcut Virus Remover v3.1.exe

2013-08-31 17:22 - 2013-08-31 17:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\winlogon.exe.exe

2013-08-31 16:08 - 2013-08-31 16:08 - 00017028 _____ C:\Users\Neoh\Downloads\AutoRunExterminator-1.8.zip

2013-08-31 15:50 - 2013-08-28 20:12 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-08-31 02:12 - 2013-08-31 02:12 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Media Player Classic

2013-08-31 01:20 - 2013-08-27 21:35 - 00000000 ____D C:\Users\Neoh\AppData\Local\CrashDumps

2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\Users\Neoh\AppData\Roaming\3a583

2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\3bfda

2013-08-30 23:11 - 2013-08-30 23:11 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NVIDIA

2013-08-30 22:16 - 2013-08-27 18:25 - 00000000 ____D C:\ProgramData\Adobe

2013-08-30 18:41 - 2013-08-27 18:22 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-30 01:24 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-08-29 19:57 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh

2013-08-28 11:26 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\Documents\Bluetooth Folder

2013-08-28 10:46 - 2013-08-28 09:58 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2013-08-28 09:58 - 2013-08-28 09:58 - 00000000 ____D C:\ProgramData\NCH Software

2013-08-28 09:58 - 2013-08-28 09:57 - 00000000 ____D C:\Program Files (x86)\NCH Software

2013-08-28 09:57 - 2013-08-28 09:57 - 03292760 _____ (NCH Software) C:\Users\Neoh\Downloads\vpsetup.exe

2013-08-28 09:57 - 2013-08-28 09:57 - 00001136 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk

2013-08-28 09:57 - 2013-08-28 09:57 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NCH Software

2013-08-28 02:13 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache

2013-08-28 02:03 - 2013-08-28 02:03 - 00000310 _____ C:\Windows\AutoKMS.log

2013-08-28 00:27 - 2013-08-28 00:27 - 00001658 _____ C:\Users\Neoh\Desktop\Google Drive.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2013-08-28 00:25 - 2013-08-28 00:25 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk

2013-08-28 00:25 - 2013-08-27 18:21 - 00000000 ____D C:\Users\Neoh\AppData\Local\Google

2013-08-28 00:25 - 2013-08-27 18:21 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-28 00:18 - 2013-08-28 00:18 - 00784832 _____ (Google Inc.) C:\Users\Neoh\Downloads\googledrivesync.exe

2013-08-27 22:27 - 2013-08-27 22:27 - 00000184 _____ C:\Windows\AutoKMS.ini

2013-08-27 22:17 - 2013-04-24 12:01 - 00420904 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\th-TH

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\System

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-08-27 22:15 - 2012-07-26 15:52 - 00000000 ____D C:\Program Files\Windows Journal

2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\WCN

2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\slmgr

2013-08-27 22:15 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\oobe

2013-08-27 22:15 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing

2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel

2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\th-TH

2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\migwiz

2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\WCN

2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\slmgr

2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Sysprep

2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\oobe

2013-08-27 22:13 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform

2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\MUI

2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\Com

2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\winrm

2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts

2013-08-27 22:10 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\Dism

2013-08-27 22:09 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\IME

2013-08-27 22:08 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\MUI

2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\winrm

2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts

2013-08-27 22:08 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Dism

2013-08-27 22:07 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\Com

2013-08-27 22:03 - 2013-08-27 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-27 22:00 - 2013-08-27 21:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-08-27 22:00 - 2012-07-26 15:52 - 00000000 ____D C:\Windows\ShellNew

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Users\Neoh\AppData\Local\Microsoft Help

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files\Microsoft Office

2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2013-08-27 21:56 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-08-27 21:55 - 2013-08-27 21:55 - 00000000 ___RD C:\MSOCache

2013-08-27 21:32 - 2013-08-27 21:32 - 00000000 ____D C:\Program Files\Common Files\INCA Shared

2013-08-27 21:31 - 2013-08-27 21:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack

2013-08-27 21:28 - 2013-08-27 21:27 - 09283128 _____ (CCCP Project                                                ) C:\Users\Neoh\Downloads\Combined-Community-Codec-Pack-2013-08-01.exe

2013-08-27 21:22 - 2013-08-27 21:22 - 00001062 _____ C:\Users\Neoh\Desktop\GUpdate_SINGAPORE - Shortcut.lnk

2013-08-27 21:20 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\Adobe

2013-08-27 21:20 - 2013-08-27 18:15 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Adobe

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Public\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\Documents\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\CyberLink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Local\Cyberlink

2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\ProgramData\CyberLink

2013-08-27 20:27 - 2013-08-27 20:27 - 00001037 _____ C:\Users\Neoh\Desktop\KMPlayer.lnk

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\The KMPlayer

2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV

2013-08-27 20:07 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\VirtualStore

2013-08-27 18:32 - 2013-08-27 18:24 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-27 18:32 - 2013-08-27 18:21 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-08-27 18:32 - 2013-08-27 18:21 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-08-27 18:27 - 2013-08-27 18:27 - 00001161 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk

2013-08-27 18:27 - 2013-08-27 18:26 - 00000000 ____D C:\ProgramData\Yahoo!

2013-08-27 18:26 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-08-27 18:25 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-08-27 18:23 - 2013-08-27 18:23 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Local\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\ProgramData\Mozilla

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-27 18:20 - 2013-08-27 18:20 - 00000000 ____D C:\Program Files\7-Zip

2013-08-27 18:19 - 2013-08-27 18:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2013-08-27 18:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\restore

2013-08-27 18:17 - 2013-08-27 18:17 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Macromedia

2013-08-27 18:17 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Atheros

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\ASUS WebStorage

2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Local\BMExplorer

2013-08-27 18:16 - 2013-07-18 13:44 - 00000000 ____D C:\ProgramData\Atheros

2013-08-27 18:15 - 2013-08-27 18:15 - 00001432 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-08-27 18:15 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\Packages

2013-08-27 18:14 - 2013-08-27 18:14 - 00000192 _____ C:\Windows\FixPatch.log

2013-08-27 18:14 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\ASUS

2013-08-27 18:14 - 2012-08-02 11:52 - 00000000 ____D C:\Windows\Log

2013-08-27 18:13 - 2013-08-27 18:13 - 00000020 ___SH C:\Users\Neoh\ntuser.ini

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2012-08-02 11:32

 

==================== End Of Log ============================

Addition.txt


  • Root Admin

Getting late here so I'm going to be leaving but I'll check back on you later on.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed, there is a self-help tutorial here: MBAR tutorial
 

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 

 


OK, I've done it and scanned, and it said there was no malware found. How can this be?

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16519

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4175171584, free: 2372931584

Downloaded database version: v2013.09.02.03
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/02/2013 19:43:16
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa80051926c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\000000a7\
Lower Device Object: 0xfffffa8007534060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80051d3060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xfffffa800471f7f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80051d3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004977980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80051d3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800471be40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800471f7f0, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 91A883DE

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3815060198
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid ab4e2f73-3bec-44ea-9a26-671fa59b242a
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3815060198
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid ab4e2f73-3bec-44ea-9a26-671fa59b242a
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3d144cab-8e85-42f7-a63a-9670fbd02664
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 55afac51-43c6-4405-b450-f952aae59a7
    FirstLBA 616448  Last LBA 2459647
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID fc53217c-1135-4fe5-82a2-dcee532a61f1
    FirstLBA 2459648  Last LBA 2721791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d9072b83-329a-420c-862-91ecacf6e9
    FirstLBA 2721792  Last LBA 588779519
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4e82c014-77fd-4a7b-add2-a1172deb2a5e
    FirstLBA 588779520  Last LBA 1423183871
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 5b71d179-848-4a9e-aeb4-e555f06f813b
    FirstLBA 1423183872  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80051926c0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a881040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80051926c0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007534060, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

mbar-log-2013-09-02 (19-43-20).txt


  • Root Admin

It has probably been removed, but please go ahead and download a fresh copy of ComboFix and run that again.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


No wait, my bad, I created a shortcut instead of moving the ComboFix file to my desktop. I ran it earlier and here is the log:

 

ComboFix 13-09-02.02 - Neoh 03/09/2013  17:46:51.5.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.60.1033.18.3982.2468 [GMT 8:00]
Running from: c:\users\Neoh\Desktop\winlogon.exe.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-03 to 2013-09-03  )))))))))))))))))))))))))))))))
.
.
2013-09-03 09:50 . 2013-09-03 09:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-03 09:50 . 2013-09-03 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-02 11:43 . 2013-09-03 09:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-02 08:46 . 2013-09-02 08:46 -------- d-----w- C:\FRST
2013-09-02 04:06 . 2013-08-05 17:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{568A79FB-0D9F-471B-B818-95FD63FCEA88}\mpengine.dll
2013-09-02 04:06 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-31 16:32 . 2013-08-31 16:32 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 16:32 . 2013-09-01 17:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 15:24 . 2013-08-31 15:24 -------- d-----w- c:\programdata\IObit
2013-08-31 15:23 . 2013-08-31 15:23 -------- d-----w- c:\program files (x86)\IObit
2013-08-31 09:42 . 2013-08-31 09:42 -------- d-----w- c:\program files\CSL 3.5G Connect
2013-08-30 17:07 . 2013-08-30 17:07 -------- d-----w- C:\3bfda
2013-08-28 12:12 . 2013-08-31 09:29 -------- d-----w- c:\program files\Recuva
2013-08-28 01:58 . 2013-08-28 01:58 -------- d-----w- c:\programdata\NCH Software
2013-08-28 01:57 . 2013-08-28 01:58 -------- d-----w- c:\program files (x86)\NCH Software
2013-08-28 01:11 . 2013-08-31 15:55 -------- d-----w- c:\users\Public\AccountPictures
2013-08-27 18:11 . 2013-08-27 18:11 240304 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-27 13:56 . 2013-08-27 13:56 -------- d-----w- c:\program files\Microsoft Office
2013-08-27 13:56 . 2013-08-27 13:56 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-08-27 13:55 . 2013-08-27 14:03 -------- d-----w- c:\programdata\Microsoft Help
2013-08-27 13:55 . 2013-08-27 13:55 -------- d-----r- C:\MSOCache
2013-08-27 13:32 . 2013-04-03 17:27 5102040 ----a-w- c:\windows\SysWow64\GameMon.des
2013-08-27 13:32 . 2012-01-01 07:33 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
2013-08-27 13:32 . 2003-07-20 00:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-08-27 13:32 . 2013-08-27 13:32 -------- d-----w- c:\program files\Common Files\INCA Shared
2013-08-27 13:31 . 2013-08-27 13:31 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-08-27 13:19 . 2009-05-22 08:02 119552 ----a-w- c:\windows\system32\drivers\bmusbser.sys
2013-08-27 13:19 . 2009-05-22 08:02 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-08-27 13:19 . 2013-08-31 09:31 -------- d-----w- c:\program files (x86)\CSL 3.5G Connect
2013-08-27 12:33 . 2013-08-27 12:33 -------- d-----w- c:\users\Public\CyberLink
2013-08-27 12:33 . 2013-08-27 12:33 -------- d-----w- c:\programdata\CyberLink
2013-08-27 12:27 . 2013-08-27 12:27 -------- d-----w- c:\program files (x86)\PANDORA.TV
2013-08-27 12:27 . 2013-08-27 12:27 -------- d-----w- c:\program files (x86)\The KMPlayer
2013-08-27 10:26 . 2013-08-27 10:27 -------- d-----w- c:\programdata\Yahoo!
2013-08-27 10:25 . 2013-08-27 10:26 -------- d-----w- c:\program files (x86)\Yahoo!
2013-08-27 10:25 . 2013-08-27 10:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-27 10:23 . 2013-08-27 10:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-08-27 10:21 . 2013-08-27 16:25 -------- d-----w- c:\program files (x86)\Google
2013-08-27 10:20 . 2013-08-27 10:20 -------- d-----w- c:\program files\7-Zip
2013-08-27 10:16 . 2013-08-27 10:16 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16 . 2013-08-27 10:16 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-27 10:13 . 2013-08-29 11:57 -------- d-----w- c:\users\Neoh
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-27 10:13 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-18 05:47 . 2013-07-18 05:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-07-18 05:47 . 2013-07-18 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-07-18 05:47 . 2013-07-18 05:47 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2c4e2"="c:\users\Neoh\AppData\Roaming\3a583\2c4e2.js" [X]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-04-24 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120]
.
c:\users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
7e0c.js [2013-9-3 47534]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\bmusbser.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 10:38 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27 10:32]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 10:21]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 10:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 08:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-21 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-21 399832]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-24 13535304]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-04-24 1307720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{CAC55C7A-405F-466D-88B0-6F509E667897}: NameServer = 203.82.64.129 203.82.64.145
FF - ProfilePath - c:\users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-03  17:51:43
ComboFix-quarantined-files.txt  2013-09-03 09:51
ComboFix2.txt  2013-09-02 08:40
ComboFix3.txt  2013-09-01 11:46
ComboFix4.txt  2013-09-01 06:30
ComboFix5.txt  2013-09-03 09:46
.
Pre-Run: 176,790,237,184 bytes free
Post-Run: 176,726,269,952 bytes free
.
- - End Of File - - 5B649C950357D7D4C7839F5752CC23CF
5FB38429D5D77768867C76DCBDB35194

  • Root Admin

Okay good.  Please run this again and post back the new log.  Delete any current FRST logs you have now.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


here is the FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Neoh (administrator) on USER on 04-09-2013 12:49:23
Running from C:\Users\Neoh\Desktop
Windows 8 Single Language (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Dropbox, Inc.) C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe
() D:\CSL 3.5G Connect\WirelessModem.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Neoh\Desktop\fix.rar.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-11] (Yahoo! Inc.)
HKCU\...\Run: [2c4e2] - C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js [47534 2013-09-04] ()
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
Startup: C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7b0.js ()
Startup: C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{CAC55C7A-405F-466D-88B0-6F509E667897}: [NameServer]203.82.64.129 203.82.64.145
 
FireFox:
========
FF ProfilePath: C:\Users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-29] (Qualcomm Atheros Commnucations)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-06] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5102040 2013-04-04] (INCA Internet Co., Ltd.)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-29] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-07] (ASUS Corporation)
R3 bmusbser; C:\Windows\system32\DRIVERS\bmusbser.sys [119552 2009-05-22] (BM)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-24] (Microsoft Corporation)
S3 catchme; \??\C:\fix.exe\catchme.sys [x]
U0 msahci; 
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\system32\DRIVERS\rfcomm.sys 17EF582CBC4809F96B9E6D0543480763
C:\Windows\system32\DRIVERS\RtsBaStor.sys C648C1FC380D17CB1D6CEEBA168CB15F
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\system32\DRIVERS\Rt630x64.sys 17DFD02577A5A635FA9642E1F7AE866B
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys 12F06525912BBEF67837DE47D87C60A9
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\spaceport.sys 465F3C355CE5ED2779B8F460F14C5A78
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys C2106BB710AA34A046126AED7BCA6964
C:\Windows\System32\DRIVERS\srvnet.sys 9400C71F5A1A380B494B6922F007D485
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\System32\drivers\storahci.sys C588BBD37B432CE3204E5765B459E6B2
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\System32\drivers\tcpip.sys F4F78B7F39BD56BD0BFE4C4399398F6F
C:\Windows\system32\DRIVERS\tcpip.sys F4F78B7F39BD56BD0BFE4C4399398F6F
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\System32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\system32\drivers\tpm.sys B44EFE254C0B3719E4037088D24FE4B5
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 1ED222DFE6C13DA50FE081ABF90CAFE1
C:\Windows\System32\DRIVERS\udfs.sys DC5A461591C71AF7F19DC048A81E3F88
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usbccgp.sys 2AF9F0E16D75B8F783A1ACE74EF51C9B
C:\Windows\System32\drivers\usbcir.sys B395B62B62F28106218FA6FB17F4C797
C:\Windows\System32\drivers\usbehci.sys 52F267AEE8CA5AA5CEB88C6A71EE1E86
C:\Windows\System32\drivers\usbhub.sys ADBF89B8E0BB372FEFE2E4B84E1E20AE
C:\Windows\System32\drivers\UsbHub3.sys C5986337DE3BF63ABD9ED4D834D34B89
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys BA3ABE0CD1C14B3295BAD0F076B84CAC
C:\Windows\System32\drivers\USBSTOR.SYS F77177F6C95B2116EE7AD23B5EF57007
C:\Windows\System32\drivers\usbuhci.sys D25EF4A6EC244C5DE85D88A05B7C149D
C:\Windows\System32\Drivers\usbvideo.sys 09799E701B4327097E9F63D3FE221083
C:\Windows\System32\drivers\USBXHCI.SYS 9CD4259AD15F84DE27B94A956C978D6C
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys 8628FA679F0EC4B709CCD1F6B6A3233B
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys 2FB3CDFD5EAF4CD9D4AFAF96877D13AE
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 6081CEC9EF9EB145D8B46655C7708D51
C:\Windows\system32\DRIVERS\wanarp.sys 6081CEC9EF9EB145D8B46655C7708D51
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\System32\drivers\WdBoot.sys 6F4B5DDDC3B86091E94BC47347A78AF7
C:\Windows\System32\drivers\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 2ADC985B85A71BD7D99712EC0C24358B
C:\Windows\System32\drivers\WdFilter.sys 99D404A9A0AFC4734E014EBEBAC13F8F
C:\Windows\System32\DRIVERS\wfplwfs.sys FE762D3498719C3A23471BBA62F747B4
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\system32\DRIVERS\WinUSB.sys BB20956C424531003F7FA6CD36F11D5D
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WSDPrint.sys 74EFDA0526862C3D8D01A776182798EA
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-03 22:44 - 2013-09-04 12:42 - 00000000 ___RD C:\Users\Neoh\Dropbox
2013-09-03 22:44 - 2013-09-03 22:44 - 00001002 _____ C:\Users\Neoh\Desktop\Dropbox.lnk
2013-09-03 22:43 - 2013-09-03 22:43 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-03 22:41 - 2013-09-04 12:43 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Dropbox
2013-09-03 22:31 - 2013-09-03 22:38 - 32966136 _____ (Dropbox, Inc.) C:\Users\Neoh\Downloads\Dropbox 2.0.26.exe
2013-09-03 18:00 - 2013-09-03 18:00 - 00018374 _____ C:\ComboFix.txt
2013-09-03 17:45 - 2013-09-03 17:31 - 05119472 ____R (Swearware) C:\Users\Neoh\Desktop\winlogon.exe.exe
2013-09-03 17:30 - 2013-09-03 17:31 - 05119472 ____R (Swearware) C:\Users\Neoh\Downloads\ComboFix.exe
2013-09-03 17:23 - 2013-09-03 17:23 - 00000611 _____ C:\Users\Public\Desktop\CSL 3.5G Connect.lnk
2013-09-02 19:43 - 2013-09-03 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-02 19:40 - 2013-09-03 17:44 - 00000000 ____D C:\Users\Neoh\Desktop\mbar
2013-09-02 19:31 - 2013-09-02 19:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Neoh\Desktop\mbar-1.07.0.1005.exe
2013-09-02 16:46 - 2013-09-02 16:46 - 00000000 ____D C:\FRST
2013-09-02 16:43 - 2013-09-02 16:43 - 01951950 _____ (Farbar) C:\Users\Neoh\Desktop\Far.exe.exe
2013-09-02 12:06 - 2013-05-02 23:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64-7800.exe
2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64.exe
2013-09-01 21:12 - 2013-09-01 21:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\run.com.exe
2013-09-01 13:48 - 2013-09-03 18:00 - 00000000 ____D C:\Qoobox
2013-09-01 13:48 - 2013-09-01 13:53 - 00000000 ____D C:\Windows\erdnt
2013-09-01 13:48 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-01 13:48 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-01 13:48 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-01 13:48 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-01 00:52 - 2013-09-01 09:40 - 00000029 _____ C:\Users\Neoh\AppData\Roaming\mbam.context.scan
2013-09-01 00:33 - 2013-09-01 00:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Malwarebytes
2013-09-01 00:32 - 2013-09-02 01:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 00:32 - 2013-09-01 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\IObit
2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-31 23:23 - 2013-08-31 23:23 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-31 17:57 - 2013-08-31 17:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-31 17:42 - 2013-08-31 17:42 - 00000000 ____D C:\Program Files\CSL 3.5G Connect
2013-08-31 17:23 - 2013-08-31 17:24 - 00806717 _____ C:\Users\Neoh\Downloads\Shortcut Virus Remover v3.1.exe
2013-08-31 17:21 - 2013-08-31 17:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\winlogon.exe.exe
2013-08-31 16:10 - 2013-09-01 01:47 - 00340354 _____ C:\Users\Neoh\AppData\Roaming\ICARE_ACTIVITY.LOG
2013-08-31 16:09 - 2013-09-01 09:20 - 04613956 _____ C:\Users\Neoh\AppData\Roaming\ICARE.LOG
2013-08-31 16:08 - 2013-08-31 16:08 - 00017028 _____ C:\Users\Neoh\Downloads\AutoRunExterminator-1.8.zip
2013-08-31 15:46 - 2013-08-31 23:49 - 00000000 ____D C:\Users\Neoh\Desktop\New folder
2013-08-31 02:12 - 2013-08-31 02:12 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Media Player Classic
2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\Users\Neoh\AppData\Roaming\3a583
2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\3bfda
2013-08-30 23:11 - 2013-08-30 23:11 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NVIDIA
2013-08-28 20:12 - 2013-08-31 17:29 - 00000000 ____D C:\Program Files\Recuva
2013-08-28 20:12 - 2013-08-31 15:50 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-28 09:58 - 2013-09-04 12:39 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-28 09:58 - 2013-08-28 09:58 - 00000000 ____D C:\ProgramData\NCH Software
2013-08-28 09:57 - 2013-08-28 09:58 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-08-28 09:57 - 2013-08-28 09:57 - 03292760 _____ (NCH Software) C:\Users\Neoh\Downloads\vpsetup.exe
2013-08-28 09:57 - 2013-08-28 09:57 - 00001136 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2013-08-28 09:57 - 2013-08-28 09:57 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NCH Software
2013-08-28 02:03 - 2013-08-28 02:03 - 00000310 _____ C:\Windows\AutoKMS.log
2013-08-28 00:27 - 2013-08-31 23:54 - 00000000 ____D C:\Users\Neoh\Google Drive
2013-08-28 00:27 - 2013-08-28 00:27 - 00001658 _____ C:\Users\Neoh\Desktop\Google Drive.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-28 00:18 - 2013-08-28 00:18 - 00784832 _____ (Google Inc.) C:\Users\Neoh\Downloads\googledrivesync.exe
2013-08-27 22:27 - 2013-09-01 19:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-458189604-2422199037-1606706877-1002
2013-08-27 22:27 - 2013-08-27 22:27 - 00000184 _____ C:\Windows\AutoKMS.ini
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Users\Neoh\AppData\Local\Microsoft Help
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-27 21:55 - 2013-08-27 22:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 21:55 - 2013-08-27 22:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-27 21:55 - 2013-08-27 21:55 - 00000000 ___RD C:\MSOCache
2013-08-27 21:35 - 2013-09-03 21:54 - 00000000 ____D C:\Users\Neoh\AppData\Local\CrashDumps
2013-08-27 21:32 - 2013-08-27 21:32 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-08-27 21:32 - 2013-04-04 01:27 - 05102040 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2013-08-27 21:32 - 2012-01-01 15:33 - 00004774 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2013-08-27 21:32 - 2003-07-20 08:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2013-08-27 21:31 - 2013-08-27 21:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-08-27 21:27 - 2013-08-27 21:28 - 09283128 _____ (CCCP Project                                                ) C:\Users\Neoh\Downloads\Combined-Community-Codec-Pack-2013-08-01.exe
2013-08-27 21:22 - 2013-08-27 21:22 - 00001062 _____ C:\Users\Neoh\Desktop\GUpdate_SINGAPORE - Shortcut.lnk
2013-08-27 21:20 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\Adobe
2013-08-27 21:19 - 2013-08-31 17:31 - 00000000 ____D C:\Program Files (x86)\CSL 3.5G Connect
2013-08-27 21:19 - 2009-05-22 16:02 - 00119552 _____ (BM) C:\Windows\system32\Drivers\bmusbser.sys
2013-08-27 21:19 - 2009-05-22 16:02 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\Documents\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Local\Cyberlink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-27 20:27 - 2013-08-27 20:27 - 00001037 _____ C:\Users\Neoh\Desktop\KMPlayer.lnk
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2013-08-27 18:27 - 2013-08-27 18:27 - 00001161 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2013-08-27 18:26 - 2013-08-27 18:27 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-27 18:25 - 2013-08-30 22:16 - 00000000 ____D C:\ProgramData\Adobe
2013-08-27 18:25 - 2013-08-27 18:26 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-27 18:25 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-27 18:24 - 2013-09-04 01:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 18:24 - 2013-08-27 18:32 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-27 18:23 - 2013-08-27 18:23 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Local\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 18:22 - 2013-08-30 18:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-27 18:21 - 2013-09-04 12:41 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 18:21 - 2013-09-04 01:37 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-27 18:21 - 2013-08-28 00:25 - 00000000 ____D C:\Users\Neoh\AppData\Local\Google
2013-08-27 18:21 - 2013-08-28 00:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-27 18:21 - 2013-08-27 18:32 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-27 18:21 - 2013-08-27 18:32 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-27 18:20 - 2013-08-27 18:20 - 00000000 ____D C:\Program Files\7-Zip
2013-08-27 18:19 - 2013-08-27 18:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-08-27 18:17 - 2013-08-27 18:17 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Macromedia
2013-08-27 18:16 - 2013-09-04 12:38 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-27 18:16 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-27 18:16 - 2013-08-28 11:26 - 00000000 ____D C:\Users\Neoh\Documents\Bluetooth Folder
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Atheros
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\ASUS WebStorage
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Local\BMExplorer
2013-08-27 18:15 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Adobe
2013-08-27 18:15 - 2013-08-27 18:15 - 00001432 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-27 18:14 - 2013-09-04 12:42 - 00000074 _____ C:\Users\Neoh\AppData\Roaming\sp_data.sys
2013-08-27 18:14 - 2013-08-27 18:14 - 00000192 _____ C:\Windows\FixPatch.log
2013-08-27 18:13 - 2013-09-03 22:44 - 00000000 ____D C:\Users\Neoh
2013-08-27 18:13 - 2013-09-01 01:48 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-27 18:13 - 2013-09-01 01:48 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-27 18:13 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-27 18:13 - 2013-09-01 01:47 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-27 18:13 - 2013-08-27 20:07 - 00000000 ____D C:\Users\Neoh\AppData\Local\VirtualStore
2013-08-27 18:13 - 2013-08-27 18:15 - 00000000 ____D C:\Users\Neoh\AppData\Local\Packages
2013-08-27 18:13 - 2013-08-27 18:14 - 00000000 ____D C:\Users\Neoh\AppData\Local\ASUS
2013-08-27 18:13 - 2013-08-27 18:13 - 00000020 ___SH C:\Users\Neoh\ntuser.ini
2013-08-27 18:13 - 2013-04-24 12:10 - 00002102 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-04 12:47 - 2013-09-04 12:46 - 01950416 _____ (Farbar) C:\Users\Neoh\Desktop\fix.rar.exe
2013-09-04 12:46 - 2012-07-26 15:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 12:44 - 2013-07-18 13:28 - 01822050 _____ C:\Windows\WindowsUpdate.log
2013-09-04 12:43 - 2013-09-03 22:41 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Dropbox
2013-09-04 12:42 - 2013-09-03 22:44 - 00000000 ___RD C:\Users\Neoh\Dropbox
2013-09-04 12:42 - 2013-08-27 18:14 - 00000074 _____ C:\Users\Neoh\AppData\Roaming\sp_data.sys
2013-09-04 12:41 - 2013-08-27 18:21 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 12:41 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 12:40 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-04 12:39 - 2013-08-28 09:58 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-04 12:38 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-04 12:38 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-04 01:37 - 2013-08-27 18:21 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 01:28 - 2013-08-27 18:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 22:44 - 2013-09-03 22:44 - 00001002 _____ C:\Users\Neoh\Desktop\Dropbox.lnk
2013-09-03 22:44 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh
2013-09-03 22:43 - 2013-09-03 22:43 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-03 22:38 - 2013-09-03 22:31 - 32966136 _____ (Dropbox, Inc.) C:\Users\Neoh\Downloads\Dropbox 2.0.26.exe
2013-09-03 21:57 - 2012-08-02 11:32 - 00023714 _____ C:\Windows\PFRO.log
2013-09-03 21:54 - 2013-08-27 21:35 - 00000000 ____D C:\Users\Neoh\AppData\Local\CrashDumps
2013-09-03 18:00 - 2013-09-03 18:00 - 00018374 _____ C:\ComboFix.txt
2013-09-03 18:00 - 2013-09-01 13:48 - 00000000 ____D C:\Qoobox
2013-09-03 17:58 - 2012-07-26 13:26 - 00000215 _____ C:\Windows\system.ini
2013-09-03 17:44 - 2013-09-02 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-03 17:44 - 2013-09-02 19:40 - 00000000 ____D C:\Users\Neoh\Desktop\mbar
2013-09-03 17:31 - 2013-09-03 17:45 - 05119472 ____R (Swearware) C:\Users\Neoh\Desktop\winlogon.exe.exe
2013-09-03 17:31 - 2013-09-03 17:30 - 05119472 ____R (Swearware) C:\Users\Neoh\Downloads\ComboFix.exe
2013-09-03 17:23 - 2013-09-03 17:23 - 00000611 _____ C:\Users\Public\Desktop\CSL 3.5G Connect.lnk
2013-09-02 19:33 - 2013-09-02 19:31 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Neoh\Desktop\mbar-1.07.0.1005.exe
2013-09-02 16:46 - 2013-09-02 16:46 - 00000000 ____D C:\FRST
2013-09-02 16:43 - 2013-09-02 16:43 - 01951950 _____ (Farbar) C:\Users\Neoh\Desktop\Far.exe.exe
2013-09-02 01:00 - 2013-09-01 00:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64-7800.exe
2013-09-01 21:13 - 2013-09-01 21:13 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\rkill64.exe
2013-09-01 21:12 - 2013-09-01 21:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Neoh\Downloads\run.com.exe
2013-09-01 20:10 - 2012-07-26 15:21 - 00038411 _____ C:\Windows\setupact.log
2013-09-01 19:59 - 2013-08-27 22:27 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-458189604-2422199037-1606706877-1002
2013-09-01 13:54 - 2012-07-26 13:37 - 00000000 __RHD C:\Users\Default
2013-09-01 13:53 - 2013-09-01 13:48 - 00000000 ____D C:\Windows\erdnt
2013-09-01 09:40 - 2013-09-01 00:52 - 00000029 _____ C:\Users\Neoh\AppData\Roaming\mbam.context.scan
2013-09-01 09:20 - 2013-08-31 16:09 - 04613956 _____ C:\Users\Neoh\AppData\Roaming\ICARE.LOG
2013-09-01 01:48 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-01 01:48 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-01 01:47 - 2013-08-31 16:10 - 00340354 _____ C:\Users\Neoh\AppData\Roaming\ICARE_ACTIVITY.LOG
2013-09-01 01:47 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-01 01:47 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-01 01:47 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-01 00:33 - 2013-09-01 00:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Malwarebytes
2013-09-01 00:32 - 2013-09-01 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 23:54 - 2013-08-28 00:27 - 00000000 ____D C:\Users\Neoh\Google Drive
2013-08-31 23:52 - 2012-07-26 16:12 - 00000000 ____D C:\Users\Public\Libraries
2013-08-31 23:49 - 2013-08-31 15:46 - 00000000 ____D C:\Users\Neoh\Desktop\New folder
2013-08-31 23:31 - 2013-04-24 12:11 - 00000000 ____D C:\ProgramData\McAfee
2013-08-31 23:28 - 2012-07-26 16:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\IObit
2013-08-31 23:24 - 2013-08-31 23:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-31 23:23 - 2013-08-31 23:23 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-31 22:19 - 2013-04-24 12:09 - 07275552 _____ C:\Windows\AsDebug.log
2013-08-31 17:59 - 2013-08-31 17:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-31 17:42 - 2013-08-31 17:42 - 00000000 ____D C:\Program Files\CSL 3.5G Connect
2013-08-31 17:31 - 2013-08-27 21:19 - 00000000 ____D C:\Program Files (x86)\CSL 3.5G Connect
2013-08-31 17:29 - 2013-08-28 20:12 - 00000000 ____D C:\Program Files\Recuva
2013-08-31 17:24 - 2013-08-31 17:23 - 00806717 _____ C:\Users\Neoh\Downloads\Shortcut Virus Remover v3.1.exe
2013-08-31 17:22 - 2013-08-31 17:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Neoh\Downloads\winlogon.exe.exe
2013-08-31 16:08 - 2013-08-31 16:08 - 00017028 _____ C:\Users\Neoh\Downloads\AutoRunExterminator-1.8.zip
2013-08-31 15:50 - 2013-08-28 20:12 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-31 02:12 - 2013-08-31 02:12 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Media Player Classic
2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\Users\Neoh\AppData\Roaming\3a583
2013-08-31 01:07 - 2013-08-31 01:07 - 00000000 __SHD C:\3bfda
2013-08-30 23:11 - 2013-08-30 23:11 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NVIDIA
2013-08-30 22:16 - 2013-08-27 18:25 - 00000000 ____D C:\ProgramData\Adobe
2013-08-30 18:41 - 2013-08-27 18:22 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-30 01:24 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-28 11:26 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\Documents\Bluetooth Folder
2013-08-28 09:58 - 2013-08-28 09:58 - 00000000 ____D C:\ProgramData\NCH Software
2013-08-28 09:58 - 2013-08-28 09:57 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-08-28 09:57 - 2013-08-28 09:57 - 03292760 _____ (NCH Software) C:\Users\Neoh\Downloads\vpsetup.exe
2013-08-28 09:57 - 2013-08-28 09:57 - 00001136 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2013-08-28 09:57 - 2013-08-28 09:57 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\NCH Software
2013-08-28 02:13 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache
2013-08-28 02:03 - 2013-08-28 02:03 - 00000310 _____ C:\Windows\AutoKMS.log
2013-08-28 00:27 - 2013-08-28 00:27 - 00001658 _____ C:\Users\Neoh\Desktop\Google Drive.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-28 00:25 - 2013-08-28 00:25 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-28 00:25 - 2013-08-27 18:21 - 00000000 ____D C:\Users\Neoh\AppData\Local\Google
2013-08-28 00:25 - 2013-08-27 18:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 00:18 - 2013-08-28 00:18 - 00784832 _____ (Google Inc.) C:\Users\Neoh\Downloads\googledrivesync.exe
2013-08-27 22:27 - 2013-08-27 22:27 - 00000184 _____ C:\Windows\AutoKMS.ini
2013-08-27 22:17 - 2013-04-24 12:01 - 00420904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-27 22:15 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-27 22:15 - 2012-07-26 15:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-08-27 22:15 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-08-27 22:15 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-08-27 22:15 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing
2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\th-TH
2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-08-27 22:14 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\WCN
2013-08-27 22:14 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\slmgr
2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-08-27 22:14 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-27 22:13 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-08-27 22:10 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-08-27 22:10 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-08-27 22:10 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-08-27 22:09 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\IME
2013-08-27 22:08 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\MUI
2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\winrm
2013-08-27 22:08 - 2012-07-26 15:51 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-08-27 22:08 - 2012-07-26 13:38 - 00000000 ____D C:\Windows\system32\Dism
2013-08-27 22:07 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\Com
2013-08-27 22:03 - 2013-08-27 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 22:00 - 2013-08-27 21:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-27 22:00 - 2012-07-26 15:52 - 00000000 ____D C:\Windows\ShellNew
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Users\Neoh\AppData\Local\Microsoft Help
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-27 21:56 - 2013-08-27 21:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-27 21:56 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-27 21:55 - 2013-08-27 21:55 - 00000000 ___RD C:\MSOCache
2013-08-27 21:32 - 2013-08-27 21:32 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-08-27 21:31 - 2013-08-27 21:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-08-27 21:28 - 2013-08-27 21:27 - 09283128 _____ (CCCP Project                                                ) C:\Users\Neoh\Downloads\Combined-Community-Codec-Pack-2013-08-01.exe
2013-08-27 21:22 - 2013-08-27 21:22 - 00001062 _____ C:\Users\Neoh\Desktop\GUpdate_SINGAPORE - Shortcut.lnk
2013-08-27 21:20 - 2013-08-27 21:20 - 00000000 ____D C:\Users\Neoh\AppData\Local\Adobe
2013-08-27 21:20 - 2013-08-27 18:15 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Adobe
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\Documents\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\CyberLink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\Users\Neoh\AppData\Local\Cyberlink
2013-08-27 20:33 - 2013-08-27 20:33 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-27 20:27 - 2013-08-27 20:27 - 00001037 _____ C:\Users\Neoh\Desktop\KMPlayer.lnk
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-08-27 20:27 - 2013-08-27 20:27 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2013-08-27 20:07 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\VirtualStore
2013-08-27 18:32 - 2013-08-27 18:24 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-27 18:32 - 2013-08-27 18:21 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-27 18:32 - 2013-08-27 18:21 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-27 18:27 - 2013-08-27 18:27 - 00001161 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2013-08-27 18:27 - 2013-08-27 18:26 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-27 18:26 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-27 18:25 - 2013-08-27 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-27 18:23 - 2013-08-27 18:23 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Users\Neoh\AppData\Local\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 18:20 - 2013-08-27 18:20 - 00000000 ____D C:\Program Files\7-Zip
2013-08-27 18:19 - 2013-08-27 18:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-08-27 18:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\restore
2013-08-27 18:17 - 2013-08-27 18:17 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Macromedia
2013-08-27 18:17 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\Atheros
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Roaming\ASUS WebStorage
2013-08-27 18:16 - 2013-08-27 18:16 - 00000000 ____D C:\Users\Neoh\AppData\Local\BMExplorer
2013-08-27 18:16 - 2013-07-18 13:44 - 00000000 ____D C:\ProgramData\Atheros
2013-08-27 18:15 - 2013-08-27 18:15 - 00001432 _____ C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-27 18:15 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\Packages
2013-08-27 18:14 - 2013-08-27 18:14 - 00000192 _____ C:\Windows\FixPatch.log
2013-08-27 18:14 - 2013-08-27 18:13 - 00000000 ____D C:\Users\Neoh\AppData\Local\ASUS
2013-08-27 18:14 - 2012-08-02 11:52 - 00000000 ____D C:\Windows\Log
2013-08-27 18:13 - 2013-08-27 18:13 - 00000020 ___SH C:\Users\Neoh\ntuser.ini
 
Files to move or delete:
====================
C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\DropboxNSISTools.dll
C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\UAC.dll
C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\UninstallPromote.exe
C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\_isetup\_shfoldr.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {0616ff01-ef69-11e2-be6a-806e6f6e6963}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {03794cbd-ef71-11e2-a2ee-81fca9974655}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {0616ff01-ef69-11e2-be6a-806e6f6e6963}
description             CD/DVD Drive 
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {03794cc0-ef71-11e2-a2ee-81fca9974655}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {03794cbd-ef71-11e2-a2ee-81fca9974655}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {03794cbf-ef71-11e2-a2ee-81fca9974655}
device                  ramdisk=[\Device\HarddiskVolume2]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.efi
description             WinPE
osdevice                ramdisk=[\Device\HarddiskVolume2]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {03794cc0-ef71-11e2-a2ee-81fca9974655}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{03794cc1-ef71-11e2-a2ee-81fca9974655}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{03794cc1-ef71-11e2-a2ee-81fca9974655}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {03794cbd-ef71-11e2-a2ee-81fca9974655}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {03794cc0-ef71-11e2-a2ee-81fca9974655}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {03794cc1-ef71-11e2-a2ee-81fca9974655}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2012-08-02 11:32
 
==================== End Of Log ============================
 
 
 
and I'm attaching the Addition.txt in case you need it.

Addition.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 03

Ran by Neoh at 2013-09-04 13:47:53 Run:1

Running from C:\Users\Neoh\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

HKCU\...\Run: [2c4e2] - C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js [47534 2013-09-04] ()

Startup: C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7b0.js ()

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

C:\Users\Neoh\AppData\Roaming\3a583

C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7b0.js

C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js

C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\DropboxNSISTools.dll

C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\UAC.dll

C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\UninstallPromote.exe

C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\_isetup\_shfoldr.dll

 

*****************

 

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

"C:\Program Files\Microsoft Security Client" => Not Found

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\2c4e2 => Value deleted successfully.

C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7b0.js not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

C:\Users\Neoh\AppData\Roaming\3a583 => Moved successfully.

"C:\Users\Neoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7b0.js" => File/Directory not found.

"C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js" => File/Directory not found.

C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\DropboxNSISTools.dll => Moved successfully.

C:\Users\Neoh\AppData\Local\Temp\nscFD50.tmp\UAC.dll => Moved successfully.

C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\UninstallPromote.exe => Moved successfully.

C:\Users\Neoh\AppData\Local\Temp\is-8K6AC.tmp\_isetup\_shfoldr.dll => Moved successfully.

 

==== End of Fixlog ====


  • Root Admin

Please restart the computer and then run the following.

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

Next, please download AdwCleaner by Xplode and save it to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient, as the scan may take some time to complete.
  • After the scan has finished, click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.7 (09.01.2013:1)

OS: Windows 8 Single Language x64

Ran by Neoh on Wed 04/09/2013 at 17:33:44.10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-458189604-2422199037-1606706877-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 04/09/2013 at 17:38:54.64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.002 - Report created 04/09/2013 at 17:42:11

# Updated 01/09/2013 by Xplode

# Operating System : Windows 8 Single Language  (64 bits)

# Username : Neoh - USER

# Running from : C:\Users\Neoh\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\PIP

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16519

-\\ Mozilla Firefox v20.0.1 (en-US)

 

[ File : C:\Users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default\prefs.js ]

-\\ Google Chrome v29.0.1547.62

 

[ File : C:\Users\Neoh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

 

AdwCleaner[R0].txt - [1109 octets] - [04/09/2013 17:41:12]

AdwCleaner[s0].txt - [1039 octets] - [04/09/2013 17:42:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1099 octets] ##########


  • Root Admin

Please see if you can start MBAM now and check for updates and do a Quick Scan and have it remove anything it finds and post back the new log.

 

Then also run the following:

 

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.04.04

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16519

Neoh :: USER [administrator]

 

Protection: Disabled

 

4/9/2013 7:30:14 PM

mbam-log-2013-09-04 (19-30-14).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245461

Time elapsed: 3 minute(s), 1 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 Results of screen317's Security Check version 0.99.73  

   x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Flash Player 11.8.800.94  

 Adobe Reader XI  

 Mozilla Firefox 20.0.1 Firefox out of Date!  

 Google Chrome 29.0.1547.57  

 Google Chrome 29.0.1547.62  

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 Windows Defender MsMpEng.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 


  • Root Admin

What error message do you get when trying to run MSCONFIG?
 
Please run a new DDS scan if it will run and post back the results.
 


Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

Well, before I came to this forum for help my friend tried to help me; when he ran msconfig it simply wouldn't run. But I tried it earlier and it ran just fine.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16519

Run by Neoh at 8:44:39 on 2013-09-05

Microsoft Windows 8 Single Language  6.2.9200.0.1252.60.1033.18.3982.1997 [GMT 8:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

C:\Windows\system32\igfxpers.exe

C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

D:\CSL 3.5G Connect\WirelessModem.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============
.
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [2c4e2] C:\Users\Neoh\AppData\Roaming\3a583\2c4e2.js
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Neoh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Neoh\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{F46A7214-0E0F-4A7D-B392-68315AAB09C9} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F46A7214-0E0F-4A7D-B392-68315AAB09C9}\14E6F6478656270275966696 : DHCPNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{F47837F1-241F-4B30-A58D-E802A30D8ED1} : DHCPNameServer = 40.53.1.201 40.53.1.203
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.

================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neoh\AppData\Roaming\Mozilla\Firefox\Profiles\qkkklbw0.default\
.

============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-5-7 652784]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-7-18 30496]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-14 277120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-12-29 226944]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-18 2466448]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-20 634632]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-18 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-18 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-8-27 625304]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-18 365376]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-12-29 323584]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-19 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-7-18 89320]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-2-7 65784]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;C:\Windows\System32\Drivers\bmusbser.sys [2013-8-27 119552]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-7-18 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-7-18 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-7-18 77464]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-7-18 578792]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-5-7 21152]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-18 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-7 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-4 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-7-18 298640]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-7-18 723088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
.

=============== Created Last 30 ================
.
2013-09-04 19:00:00 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45D53B59-B304-402B-AEBE-066F75121579}\mpengine.dll
2013-09-04 11:24:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 09:41:06 -------- d-----w- C:\AdwCleaner
2013-09-04 09:33:42 -------- d-----w- C:\Windows\ERUNT
2013-09-04 05:47:57 -------- d-sh--w- C:\Users\Neoh\AppData\Roaming\3a583
2013-09-04 05:42:14 270512 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-09-03 14:44:38 -------- d-----r- C:\Users\Neoh\Dropbox
2013-09-03 14:41:21 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Dropbox
2013-09-03 10:00:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-02 11:43:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-02 08:46:59 -------- d-----w- C:\FRST
2013-09-02 04:06:14 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-09-01 05:48:35 98816 ----a-w- C:\Windows\sed.exe
2013-09-01 05:48:35 256000 ----a-w- C:\Windows\PEV.exe
2013-09-01 05:48:35 208896 ----a-w- C:\Windows\MBR.exe
2013-08-31 16:33:01 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Malwarebytes
2013-08-31 16:32:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-31 16:32:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-31 15:24:28 -------- d-----w- C:\ProgramData\IObit
2013-08-31 15:24:04 -------- d-----w- C:\Users\Neoh\AppData\Roaming\IObit
2013-08-31 15:23:34 -------- d-----w- C:\Program Files (x86)\IObit
2013-08-31 10:19:36 -------- d-----w- C:\Users\Neoh\AppData\Local\ElevatedDiagnostics
2013-08-31 09:42:09 -------- d-----w- C:\Program Files\CSL 3.5G Connect
2013-08-31 08:53:34 -------- d-----w- C:\Users\Neoh\AppData\Local\Diagnostics
2013-08-30 17:07:28 -------- d-sh--w- C:\3bfda
2013-08-30 15:11:59 -------- d-----w- C:\Users\Neoh\AppData\Roaming\NVIDIA
2013-08-28 01:57:51 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-08-28 01:57:24 -------- d-----w- C:\Users\Neoh\AppData\Roaming\NCH Software
2013-08-27 16:27:25 -------- d-----w- C:\Users\Neoh\Google Drive
2013-08-27 13:56:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-08-27 13:56:01 -------- d-----w- C:\Users\Neoh\AppData\Local\Microsoft Help
2013-08-27 13:35:51 -------- d-----w- C:\Users\Neoh\AppData\Local\CrashDumps
2013-08-27 13:32:24 5102040 ----a-w- C:\Windows\SysWow64\GameMon.des
2013-08-27 13:32:14 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2013-08-27 13:32:13 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2013-08-27 13:32:11 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2013-08-27 13:31:06 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-08-27 13:30:36 -------- d-----w- C:\Users\Neoh\AppData\Local\Programs
2013-08-27 13:20:35 -------- d-----w- C:\Users\Neoh\AppData\Local\Adobe
2013-08-27 13:19:43 119552 ----a-w- C:\Windows\System32\drivers\bmusbser.sys
2013-08-27 13:19:41 103424 ----a-w- C:\Windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-08-27 13:19:40 -------- d-----w- C:\Program Files (x86)\CSL 3.5G Connect
2013-08-27 12:33:37 -------- d-----w- C:\Users\Neoh\AppData\Local\Cyberlink
2013-08-27 12:27:28 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2013-08-27 12:27:13 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2013-08-27 10:25:37 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-08-27 10:21:36 -------- d-----w- C:\Users\Neoh\AppData\Local\Google
2013-08-27 10:16:46 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16:41 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-27 10:16:35 -------- d-----w- C:\Users\Neoh\AppData\Local\BMExplorer
2013-08-27 10:16:29 -------- d-----w- C:\Users\Neoh\AppData\Roaming\ASUS WebStorage
2013-08-27 10:16:28 -------- d-----w- C:\Users\Neoh\AppData\Roaming\Atheros
2013-08-27 10:16:01 -------- d-----w- C:\Users\Neoh\Searches
2013-08-27 10:16:01 -------- d-----w- C:\Users\Neoh\Contacts
2013-08-27 10:14:49 74 ----a-w- C:\Users\Neoh\AppData\Roaming\sp_data.sys
.

==================== Find3M  ====================
.
2013-07-18 05:47:26 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-18 05:47:26 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-18 05:47:26 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
.
============= FINISH:  8:45:05.50 ===============


attach.txt


  • Root Admin

Well, you appear to still have something going on. Not sure if it's a real infection or some type of conflict, but these errors are not normal and should not be happening.

==== Event Viewer Messages From Past Week ========
.
4/9/2013 2:16:25 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/9/2013 2:16:25 AM, Error: Service Control Manager [7031]  - The Telephony service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/9/2013 2:16:25 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
4/9/2013 2:16:25 AM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/9/2013 2:16:25 AM, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/9/2013 12:40:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error:  An instance of the service is already running.
4/9/2013 12:40:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:  An instance of the service is already running.

Please try running the following for me.


Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).
