I have ads virus on websites

Hi,

I had a problem before and I posted it here.

Then I thought everything was okay, but these 2 days I have ads on the websites I visit, even your site.

See here on your site:

[screenshot: ads shown on the Malwarebytes forum site]

Here on Wikipedia:

[screenshot: ads shown on Wikipedia]

I ran the scan with your program and there were threats that I removed. But I still get these ads! Why do I still get them although I removed the threats with your program?

Hi there,

My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop, then post its contents in your topic.
Attach.txt: save to your desktop, then attach it to your next reply.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete it for now. It is an actual backup of the MBR (master boot record).


Hello :)

The log >>>

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.17.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
asus :: ASUS1 [administrator]

Protection: Enabled

9/17/2013 10:35:25 AM
mbam-log-2013-09-17 (10-35-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253549
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0F -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\asus\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\13C26973827D4FD0A5F3C845B117E2B5 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\2B5C1FBEE80A4BEEB5B38EEE7A8007CC (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 13
C:\Users\asus\AppData\Roaming\OpenCandy\13C26973827D4FD0A5F3C845B117E2B5\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\nsz3530.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\Downloads\JDownloaderSetup-aoc-jd (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\Downloads\JDownloaderSetup-aoc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\Downloads\TheKMPlayerSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\2B5C1FBEE80A4BEEB5B38EEE7A8007CC\PokkiInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\barc_p1v3.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\A12809BE3B2247E1BE7E7BEA2D35D6C8\chrometest.html (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\speedupmypcROW.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Roaming\OpenCandy\E54966B61E5740DAB4DB3C1BA89C544E\speedupmypcROW_p2v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

And I will now do the other things.


DDS >>>>>>>>>>>

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by asus at 15:48:35 on 2013-09-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6034.3369 [GMT 3:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\mspaint.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Users\asus\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {76a39c95-086b-44df-bb69-b9e158ecffcf} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\asus\AppData\Local\Pokki\Engine\Launcher.dll",RunLaunchPlatform
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [baidu PC Faster 3.7.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: ????? ??? ???? Bluetooth - <no file>
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files (x86)\SmartWhois\swmsie.exe
IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{958B2E52-9881-4BB0-B80E-FB26F359D3DB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{958B2E52-9881-4BB0-B80E-FB26F359D3DB}\356523 : DHCPNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files (x86)\SmartWhois\swmsie.exe
x64-IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-12 22:38; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-08-24 03:31; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF - ExtSQL: 2013-09-09 14:06; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
FF - ExtSQL: 2013-09-17 07:00; WebSiteRecommendation@weliketheweb.com; C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\extensions\WebSiteRecommendation@weliketheweb.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 7c53b2de000000000000685d439f2708
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15956
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.614:14:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=4999
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-13 645952]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 BprotectEx;Baidu ProtectEx;C:\Windows\System32\Drivers\BprotectEx.sys [2013-9-8 78144]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-3 28504]
R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-5-3 50448]
R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-5-3 178448]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-5-3 356376]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-1-15 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-1-15 1107904]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-16 135984]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-15 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-9-8 625304]
R2 PCFasterSvc_{PCFaster_3.7.0.0};Baidu PC Faster Service 3.7.0.0;C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [2013-8-29 636912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-15 364416]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-9-9 1643184]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-25 1153840]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-25 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-1-15 110592]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-1-15 825344]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-13 21152]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-1-15 55848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-13 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-10 25568]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-5-3 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-5-3 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-4 25928]
R3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-1-15 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-1-15 690832]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-10 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-10 188896]
S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-28 29616]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-10 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-25 272176]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-6-21 42184]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-09-17 03:48:40    --------    d-----w-    C:\Users\asus\AppData\Roaming\FlashgetSetup
2013-09-17 03:48:40    --------    d-----w-    C:\Users\asus\AppData\Roaming\BITS
2013-09-17 03:48:31    --------    d-----w-    C:\Program Files (x86)\FlashGet Network
2013-09-15 14:53:34    --------    d-----w-    C:\Users\asus\AppData\Roaming\TP
2013-09-13 18:13:58    --------    d-----w-    C:\ProgramData\Baidu
2013-09-11 03:27:59    447488    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-09-10 07:18:15    --------    d-----w-    C:\Users\asus\AppData\Roaming\ImTOO
2013-09-10 07:18:15    --------    d-----w-    C:\Program Files (x86)\ImTOO
2013-09-10 06:43:23    --------    d-----w-    C:\Users\asus\AppData\Roaming\AVCutty
2013-09-10 06:35:18    --------    d-----w-    C:\Program Files (x86)\Davis Software
2013-09-10 06:32:20    --------    d-----w-    C:\Users\asus\AppData\Local\Spoon
2013-09-10 06:14:17    36864    ----a-w-    C:\Windows\unslive.exe
2013-09-10 06:13:39    --------    d-----w-    C:\tape-indices
2013-09-10 05:47:37    --------    d-----w-    C:\Users\asus\AppData\Roaming\Xilisoft
2013-09-10 05:47:37    --------    d-----w-    C:\Program Files (x86)\Xilisoft
2013-09-10 05:18:44    --------    d-----w-    C:\Program Files (x86)\Wondershare
2013-09-10 04:42:11    941992    ----a-w-    C:\Windows\SysWow64\WPShellExt64.dll
2013-09-10 04:42:05    --------    d-----w-    C:\ProgramData\Wondershare Player
2013-09-10 04:41:44    --------    d-----w-    C:\Users\asus\AppData\Local\Wondershare
2013-09-10 04:41:39    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2013-09-08 11:15:46    --------    d-----w-    C:\Users\asus\AppData\Local\Pokki
2013-09-08 11:13:36    --------    d-----w-    C:\Users\asus\AppData\Roaming\baidu
2013-09-08 11:12:54    --------    d-----w-    C:\ProgramData\Babylon
2013-09-08 11:08:35    --------    d-----w-    C:\Users\asus\AppData\Roaming\Baidu Security
2013-09-08 11:08:30    78144    ----a-w-    C:\Windows\System32\drivers\BprotectEx.sys
2013-09-08 11:07:28    --------    d-----w-    C:\Program Files (x86)\PANDORA.TV
2013-09-08 11:05:50    --------    d-----w-    C:\Program Files (x86)\The KMPlayer
2013-09-08 11:05:06    --------    d-----w-    C:\Users\asus\AppData\Local\AVG SafeGuard toolbar
2013-09-08 11:04:50    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-09-08 11:04:42    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2013-09-08 11:04:42    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-09-08 11:04:41    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-08 11:04:10    --------    d-----w-    C:\Program Files (x86)\SimilarSites
2013-09-08 11:04:02    --------    d--h--w-    C:\ProgramData\Common Files
2013-09-08 11:03:55    --------    d-----w-    C:\Users\asus\AppData\Roaming\SimilarSites
2013-09-08 11:03:48    --------    d-----w-    C:\ProgramData\Baidu Security
2013-09-08 11:03:48    --------    d-----w-    C:\Program Files (x86)\Baidu Security
2013-09-06 19:44:50    --------    d-----w-    C:\Users\asus\AppData\Local\Facebook
2013-09-06 07:38:05    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-06 07:36:05    --------    d-----w-    C:\Users\asus\AppData\Local\temp
2013-09-06 07:26:18    --------    d-----w-    C:\ComboFix
2013-09-05 15:06:16    98816    ----a-w-    C:\Windows\sed.exe
2013-09-05 15:06:16    256000    ----a-w-    C:\Windows\PEV.exe
2013-09-05 15:06:16    208896    ----a-w-    C:\Windows\MBR.exe
2013-09-05 13:25:03    --------    d-----w-    C:\Users\asus\AppData\Local\CrashDumps
2013-09-05 02:01:31    --------    d-----w-    C:\Users\asus\AppData\Roaming\TamoSoft
2013-09-05 02:01:11    --------    d-----w-    C:\ProgramData\TamoSoft
2013-09-05 02:01:02    --------    d-----w-    C:\Program Files (x86)\SmartWhois
2013-09-05 01:21:27    --------    d-----w-    C:\Program Files\CCleaner
2013-09-05 00:49:05    --------    d-----w-    C:\ProgramData\AntiSpyInfo
2013-09-05 00:28:07    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-09-04 16:08:23    --------    d-----w-    C:\Users\asus\AppData\Roaming\Malwarebytes
2013-09-04 16:08:19    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-04 16:08:17    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-04 16:08:17    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 15:59:16    270512    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-09-04 02:45:12    --------    d-----w-    C:\Windows\SysWow64\drivers\UMDF\es-ES
2013-09-04 02:45:12    --------    d-----w-    C:\Windows\SysWow64\0C0A
2013-09-04 02:44:16    --------    d-----w-    C:\Windows\System32\0C0A
2013-08-31 03:07:13    --------    d-----w-    C:\Users\asus\AppData\Local\TechSmith
2013-08-30 05:08:45    --------    d-----w-    C:\Users\asus\AppData\Roaming\TechSmith
2013-08-30 05:04:17    --------    d-----w-    C:\ProgramData\regid.1995-08.com.techsmith
2013-08-30 05:04:07    --------    d-----w-    C:\Program Files (x86)\Common Files\TechSmith Shared
2013-08-30 04:31:36    --------    d-----w-    C:\Users\asus\AppData\Local\Programs
2013-08-30 04:10:58    --------    d-----w-    C:\Users\asus\AppData\Roaming\uTorrent
2013-08-26 05:35:29    --------    d-----w-    C:\Users\asus\AppData\Local\Deployment
2013-08-26 05:35:29    --------    d-----w-    C:\Users\asus\AppData\Local\Apps
2013-08-24 01:28:42    --------    d-----w-    C:\Users\asus\AppData\Local\SecondLife
2013-08-24 01:13:50    --------    d-----w-    C:\Makena
2013-08-24 01:13:38    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2013-08-22 23:14:45    --------    d-----w-    C:\Users\asus\AppData\Local\Macromedia
2013-08-22 23:11:45    --------    d-----w-    C:\Users\asus\AppData\Roaming\IMVU
2013-08-22 23:09:48    --------    d-----w-    C:\Users\asus\AppData\Roaming\IMVUClient
2013-08-22 12:37:33    --------    d-----w-    C:\sources
2013-08-21 05:51:23    --------    d-----w-    C:\Users\asus\AppData\Roaming\Maxthon3
.
==================== Find3M  ====================
.
2013-09-17 07:47:47    422    ----a-w-    C:\Users\asus\AppData\Roaming\sp_data.sys
2013-09-05 20:09:17    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-21 04:11:59    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-08-12 19:26:44    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-12 19:26:43    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-08-12 19:26:43    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-08-12 19:26:15    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-12 19:26:15    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-08-12 19:26:15    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-03 04:30:14    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-13 06:18:21    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07    120144    ----a-w-    C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21    439488    ----a-w-    C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45    385768    ----a-w-    C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19    245760    ----a-w-    C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00    543744    ----a-w-    C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00    414208    ----a-w-    C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00    370688    ----a-w-    C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16    312832    ----a-w-    C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17    1025024    ----a-w-    C:\Windows\System32\localspl.dll
2013-07-03 00:23:43    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12    778752    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26    1300480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23    268800    ----a-w-    C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02    551424    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14    67072    ----a-w-    C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22    77312    ----a-w-    C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54    195416    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47    125784    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16    327512    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-26 03:01:38    321536    ----a-w-    C:\Windows\System32\drivers\udfs.sys
2013-06-26 02:59:34    341504    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:45    74240    ----a-w-    C:\Windows\System32\wcmcsp.dll
2013-06-24 22:54:45    263680    ----a-w-    C:\Windows\System32\wcmsvc.dll
2013-06-21 01:09:44    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
.
============= FINISH: 15:49:43.88 ===============
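
The burst of entries in the "Files Created" listing above between 2013-09-08 11:03 and 11:15 (Baidu Security, SimilarSites, the AVG SafeGuard toolbar, Babylon, Pokki, with The KMPlayer and PANDORA.TV created in the same minutes, plus a hidden C:\ProgramData\Common Files directory and two new kernel drivers) is the pattern a helper reads these logs for: one installer that carried a bundle of ad-injecting toolbars. As an added example, not part of this thread and not code from DDS or ComboFix, here is a small Python triage script for that line format. It parses both the DDS layout and the ComboFix layout (which adds a " . <modified>" timestamp), flags watchlist names, new drivers under System32\drivers and hidden directories, and then groups everything created within a short window of a watchlist hit so the carrier installer stands out. The PUP watchlist, the 15-minute window and the HIDDEN_OK allowlist are assumptions for this example; the sample lines are constructed from entries on this page.

```python
"""Triage a DDS / ComboFix 'Files Created' listing for ad-injection cleanup (example code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One listing line. DDS:      2013-09-08 11:08:30    78144    ----a-w-    C:\Windows\System32\drivers\BprotectEx.sys
#                  ComboFix:  2013-09-08 11:03 . 2013-09-08 11:03    --------    d-----w-    c:\program files (x86)\Baidu Security
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2})?"      # ComboFix appends ' . <modified>'
    r"\s+(?P<size>-{8}|\d+)"                            # '--------' stands in for directory size
    r"\s+(?P<attrs>[-a-z]{8})"                          # d/s/h/r/a/w/c flag columns
    r"\s+(?P<path>.+?)\s*$"
)

# Hand-built watchlist (an assumption for this example, not a vendor feed): names that
# recur in toolbar / search-hijack / ad-injection bundles. Compared case-insensitively.
PUP_WATCHLIST = (
    "conduit", "nation toolbar", "similarsites", "babylon", "baidu", "hao123",
    "avg safeguard toolbar", "avg secure search", "pokki", "flashget", "uniblue",
)
# Hidden/system directories Windows creates itself; not worth a flag (assumed allowlist).
HIDDEN_OK = (r"\$recycle.bin",)


@dataclass
class Entry:
    created: datetime
    size: Optional[int]     # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers, blanks and '.' separators."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = m["created"]
    fmt = "%Y-%m-%d %H:%M:%S" if ts.count(":") == 2 else "%Y-%m-%d %H:%M"
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(ts, fmt), size, m["attrs"], m["path"])


def classify(e: Entry) -> List[str]:
    """Flags for one entry: 'pup' (watchlist name), 'driver' (new kernel module), 'hidden'."""
    low = e.path.lower()
    flags: List[str] = []
    if any(term in low for term in PUP_WATCHLIST):
        flags.append("pup")
    if low.endswith(".sys") and "\\system32\\drivers\\" in low:
        flags.append("driver")   # review the signer; a new driver is not automatically bad
    if e.is_dir and ("h" in e.attrs or "s" in e.attrs) and not any(ok in low for ok in HIDDEN_OK):
        flags.append("hidden")
    return flags


def triage(listing: str) -> Dict[str, List[str]]:
    """Map path -> flags for every line that earned at least one flag."""
    out: Dict[str, List[str]] = {}
    for raw in listing.splitlines():
        e = parse_line(raw)
        if e:
            flags = classify(e)
            if flags:
                out[e.path] = flags
    return out


def bundle_window(listing: str, minutes: int = 15) -> List[str]:
    """Paths created within `minutes` of any 'pup' hit. The installer that carried the
    bundle usually lands in the same burst even when its own name looks legitimate."""
    entries = [e for e in map(parse_line, listing.splitlines()) if e]
    anchors = [e.created for e in entries if "pup" in classify(e)]
    span = timedelta(minutes=minutes)
    return sorted({e.path for e in entries if any(abs(e.created - a) <= span for a in anchors)})


# Constructed sample: DDS lines copied from the listing above plus one ComboFix-style line.
SAMPLE = r"""
==================== Files Created ====================
.
2013-09-08 11:13:36    --------    d-----w-    C:\Users\asus\AppData\Roaming\baidu
2013-09-08 11:08:30    78144    ----a-w-    C:\Windows\System32\drivers\BprotectEx.sys
2013-09-08 11:07:28    --------    d-----w-    C:\Program Files (x86)\PANDORA.TV
2013-09-08 11:05:50    --------    d-----w-    C:\Program Files (x86)\The KMPlayer
2013-09-08 11:04:50    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-09-08 11:04:10    --------    d-----w-    C:\Program Files (x86)\SimilarSites
2013-09-08 11:04:02    --------    d--h--w-    C:\ProgramData\Common Files
2013-09-06 07:38:05    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-04 16:08:17    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-21 04:12:06    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-08 11:03 . 2013-09-08 11:03    --------    d-----w-    c:\program files (x86)\Baidu Security
"""

if __name__ == "__main__":
    for path, flags in triage(SAMPLE).items():
        print(f"{','.join(flags):12} {path}")
    print("created within 15 min of a watchlist hit:")
    for path in bundle_window(SAMPLE):
        print("  ", path)
```

Run against a real DDS.txt or ComboFix.txt by reading the file into `triage()` instead of `SAMPLE`. The `driver` flag is deliberately only a prompt to check the file's signer; Malwarebytes' own mbam.sys is flagged the same way as avgtpx64.sys, and the point of `bundle_window()` is that media players installed in the same minutes as the toolbars are where the bundle came from.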

Attach >>>>>>>>>>>>>>>>>>

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2013 10:16:55 PM
System Uptime: 9/17/2013 10:44:47 AM (5 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Q500A
Processor: Intel® Core i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 220.229 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 397.992 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 9/4/2013 5:30:29 AM - Windows Update
RP10: 9/4/2013 6:24:13 PM - Restore Operation
RP11: 9/6/2013 10:26:27 AM - ComboFix created restore point
RP12: 9/10/2013 9:29:32 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP13: 9/13/2013 8:53:10 PM - Removed Microsoft Office Home and Student 2010
RP14: 9/17/2013 6:45:35 AM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ASUSDVD
ATK Package
AVG SafeGuard toolbar
Baidu PC Faster
Camtasia Studio 8
CCleaner
Classic Shell
Facebook Video Calling 1.2.0.287
Google Chrome
Google Update Helper
Hao123-Client
ImTOO Video Cutter 2
IMVU Avatar Chat Software
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 7.6.7 (Full)
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
Pandora Service
Pokki
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Shared C Run-time for x64
SmartWhois
The KMPlayer (remove only)
Vegas Pro 12.0 (64-bit)
VLC media player 1.1.11
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
WinFlash
WinRAR 5.00 beta 8 (64-bit)
Wondershare Video Editor(Build 3.1.4)
Xilisoft Video Splitter 2
.
==== End Of File ===========================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-17 17:22:14
-----------------------------
17:22:14.687    OS Version: Windows x64 6.2.9200
17:22:14.687    Number of processors: 4 586 0x3A09
17:22:14.688    ComputerName: ASUS1  UserName: asus
17:22:14.710    Initialze error 1
17:22:49.987    AVAST engine defs: 13091700
17:22:59.843    Service scanning
17:23:00.457    Modules scanning
17:23:00.460    Disk 0 trace - called modules:
17:23:00.476    
17:23:00.480    AVAST engine scan C:\Windows
17:23:00.484    AVAST engine scan C:\Windows\system32
17:23:00.488    AVAST engine scan C:\Windows\system32\drivers
17:23:00.493    AVAST engine scan C:\Users\asus
17:23:00.499    AVAST engine scan C:\ProgramData
17:23:00.503    Scan finished successfully
17:23:10.415    The log file has been saved successfully to "C:\Users\asus\Downloads\aswMBR.txt"


Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


OMG, after I finished ComboFix I thought my laptop was going to die because the screen turned blue with nothing on it. Then I restarted the laptop and now it is OK.

Here is the log >>>>>>

ComboFix 13-09-17.01 - asus 09/17/2013  20:33:29.3.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6034.4414 [GMT 3:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\asus\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
---- Previous Run -------
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\Maxthon
c:\program files (x86)\Maxthon\Addons\Avatarext\MxAvatarExt.dll
c:\program files (x86)\Maxthon\Addons\CloudsSvc\MxCloudsSvc.dat
c:\program files (x86)\Maxthon\Addons\CloudsSvc\MxCloudsSvc.dll
c:\program files (x86)\Maxthon\Addons\ExtTools\MxExtTools.dat
c:\program files (x86)\Maxthon\Addons\ExtTools\MxExtTools.dll
c:\program files (x86)\Maxthon\Addons\Misc\MxAddonMisc.dat
c:\program files (x86)\Maxthon\Addons\Misc\MxAddonMisc.dll
c:\program files (x86)\Maxthon\Addons\Mobile\android\Adb.exe
c:\program files (x86)\Maxthon\Addons\Mobile\android\AdbWinApi.dll
c:\program files (x86)\Maxthon\Addons\Mobile\android\AdbWinUsbApi.dll
c:\program files (x86)\Maxthon\Addons\Mobile\MxMobile.dat
c:\program files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
c:\program files (x86)\Maxthon\Addons\MsgPush\MxMsgPush.dll
c:\program files (x86)\Maxthon\Addons\TabsSync\MxTabsSync.dll
c:\program files (x86)\Maxthon\Addons\Ueip\MxUeip.dll
c:\program files (x86)\Maxthon\Bin\default.dat
c:\program files (x86)\Maxthon\Bin\Maxthon.dll
c:\program files (x86)\Maxthon\Bin\Maxthon.exe
c:\program files (x86)\Maxthon\Bin\Maxzlib.dll
c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\Maxthon\Bin\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\Maxthon\Bin\Mx3UnInstall.exe
c:\program files (x86)\Maxthon\Bin\MxAccountSvc.dll
c:\program files (x86)\Maxthon\Bin\MxAddonsMgr.dll
c:\program files (x86)\Maxthon\Bin\MxApp.dll
c:\program files (x86)\Maxthon\Bin\MxAppFrame.dll
c:\program files (x86)\Maxthon\Bin\MxAppLoader.exe
c:\program files (x86)\Maxthon\Bin\MxCore.dll
c:\program files (x86)\Maxthon\Bin\MxCoreMan.dll
c:\program files (x86)\Maxthon\Bin\MxCrashCatch.dll
c:\program files (x86)\Maxthon\Bin\MxCrashReport.exe
c:\program files (x86)\Maxthon\Bin\MxDb.dll
c:\program files (x86)\Maxthon\Bin\MxDownloader.dll
c:\program files (x86)\Maxthon\Bin\MxEncode.dll
c:\program files (x86)\Maxthon\Bin\MxFilePackage.dll
c:\program files (x86)\Maxthon\Bin\MxFileSync.dll
c:\program files (x86)\Maxthon\Bin\MxHttpRq.dll
c:\program files (x86)\Maxthon\Bin\MxIPC.dll
c:\program files (x86)\Maxthon\Bin\MxMsg.dll
c:\program files (x86)\Maxthon\Bin\MxResMgr.dll
c:\program files (x86)\Maxthon\Bin\MxRsc.dll
c:\program files (x86)\Maxthon\Bin\MxSvTrace.dll
c:\program files (x86)\Maxthon\Bin\MxTool.dll
c:\program files (x86)\Maxthon\Bin\MxUI.dll
c:\program files (x86)\Maxthon\Bin\MxUp.exe
c:\program files (x86)\Maxthon\Bin\mxver.db
c:\program files (x86)\Maxthon\Bin\MxWKView.dll
c:\program files (x86)\Maxthon\Bin\MxXDR.dll
c:\program files (x86)\Maxthon\Bin\page.dat
c:\program files (x86)\Maxthon\Bin\ui.dat
c:\program files (x86)\Maxthon\Core\Trident\MxTrident.dll
c:\program files (x86)\Maxthon\Core\Webkit\avcodec-54.dll
c:\program files (x86)\Maxthon\Core\Webkit\avformat-54.dll
c:\program files (x86)\Maxthon\Core\Webkit\avutil-51.dll
c:\program files (x86)\Maxthon\Core\Webkit\D3DCompiler_43.dll
c:\program files (x86)\Maxthon\Core\Webkit\d3dx9_43.dll
c:\program files (x86)\Maxthon\Core\Webkit\libEGL.dll
c:\program files (x86)\Maxthon\Core\Webkit\libGLESv2.dll
c:\program files (x86)\Maxthon\Core\Webkit\MxHwDec.dll
c:\program files (x86)\Maxthon\Core\Webkit\MxNPPluginsFile.xml
c:\program files (x86)\Maxthon\Core\Webkit\MxWebkit.dll
c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\np-mswmp.dll
c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\npaliedit.dll
c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\NPCMBEdit.dll
c:\program files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll
c:\program files (x86)\Maxthon\Language\ar-bh.ini
c:\program files (x86)\Maxthon\Language\ar-sa.ini
c:\program files (x86)\Maxthon\Language\ar-ye.ini
c:\program files (x86)\Maxthon\Language\be-by.ini
c:\program files (x86)\Maxthon\Language\bg-bg.ini
c:\program files (x86)\Maxthon\Language\bn-in.ini
c:\program files (x86)\Maxthon\Language\ca-es.ini
c:\program files (x86)\Maxthon\Language\cs-cz.ini
c:\program files (x86)\Maxthon\Language\de-de.ini
c:\program files (x86)\Maxthon\Language\el-gr.ini
c:\program files (x86)\Maxthon\Language\en.ini
c:\program files (x86)\Maxthon\Language\es-ar.ini
c:\program files (x86)\Maxthon\Language\es-es.ini
c:\program files (x86)\Maxthon\Language\es-mx.ini
c:\program files (x86)\Maxthon\Language\et-ee.ini
c:\program files (x86)\Maxthon\Language\fa-ir.ini
c:\program files (x86)\Maxthon\Language\fi-fi.ini
c:\program files (x86)\Maxthon\Language\fr-fr.ini
c:\program files (x86)\Maxthon\Language\he-il.ini
c:\program files (x86)\Maxthon\Language\hi-in.ini
c:\program files (x86)\Maxthon\Language\hu-hu.ini
c:\program files (x86)\Maxthon\Language\id-id.ini
c:\program files (x86)\Maxthon\Language\it-it.ini
c:\program files (x86)\Maxthon\Language\ja-jp.ini
c:\program files (x86)\Maxthon\Language\ka-ge.ini
c:\program files (x86)\Maxthon\Language\ko-kr.ini
c:\program files (x86)\Maxthon\Language\license_en.txt
c:\program files (x86)\Maxthon\Language\license_zh-cn.txt
c:\program files (x86)\Maxthon\Language\ml-in.ini
c:\program files (x86)\Maxthon\Language\mn-cyrl-mn.ini
c:\program files (x86)\Maxthon\Language\nb-no.ini
c:\program files (x86)\Maxthon\Language\nl-nl.ini
c:\program files (x86)\Maxthon\Language\pl-pl.ini
c:\program files (x86)\Maxthon\Language\pt-br.ini
c:\program files (x86)\Maxthon\Language\pt-pt.ini
c:\program files (x86)\Maxthon\Language\ro-ro.ini
c:\program files (x86)\Maxthon\Language\ru-ru.ini
c:\program files (x86)\Maxthon\Language\sk-sk.ini
c:\program files (x86)\Maxthon\Language\sr-cyrl-cs.ini
c:\program files (x86)\Maxthon\Language\sv-se.ini
c:\program files (x86)\Maxthon\Language\ta-in.ini
c:\program files (x86)\Maxthon\Language\th-th.ini
c:\program files (x86)\Maxthon\Language\tr-tr.ini
c:\program files (x86)\Maxthon\Language\uk-ua.ini
c:\program files (x86)\Maxthon\Language\vi-vn.ini
c:\program files (x86)\Maxthon\Language\zh-cn.ini
c:\program files (x86)\Maxthon\Language\zh-tw.ini
c:\program files (x86)\Maxthon\Modules\MxCaptureScreen3\MxCaptureScreen3.dll
c:\program files (x86)\Maxthon\Modules\MxCmpUrl\MxCmpUrl.dll
c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-bh.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-sa.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ar-ye.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\be-by.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\bg-bg.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\bn-in.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ca-es.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\cs-cz.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\de-de.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\el-gr.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\en.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\es-ar.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\es-es.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\es-mx.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\et-ee.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\fa-ir.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\fi-fi.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\fr-fr.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\he-il.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\hi-in.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\hu-hu.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\id-id.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\it-it.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ja-jp.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ka-ge.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ko-kr.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ml-in.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\mn-cyrl-mn.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\nb-no.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\nl-nl.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\pl-pl.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\pt-br.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\pt-pt.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ro-ro.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ru-ru.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\sk-sk.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\sr-cyrl-cs.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\sv-se.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\ta-in.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\th-th.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\tr-tr.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\uk-ua.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\vi-vn.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\zh-cn.ini
c:\program files (x86)\Maxthon\Modules\MxDock\language\zh-tw.ini
c:\program files (x86)\Maxthon\Modules\MxDock\MxDock.exe
c:\program files (x86)\Maxthon\Modules\MxDock\res_en.dll
c:\program files (x86)\Maxthon\Modules\MxDock\res_zh-cn.dll
c:\program files (x86)\Maxthon\Modules\MxDock\Sound.WAV
c:\program files (x86)\Maxthon\Modules\MxFavDb\MxFav.dll
c:\program files (x86)\Maxthon\Modules\MxFavDb\MxFavDb.dll
c:\program files (x86)\Maxthon\Modules\MxHistory\MxHistory.dll
c:\program files (x86)\Maxthon\Modules\MxMultiSearch\MxMultiSearch.dll
c:\program files (x86)\Maxthon\Modules\MxMute\MxMute.dll
c:\program files (x86)\Maxthon\Modules\MxPicLib\MxPicLib.dll
c:\program files (x86)\Maxthon\Modules\MxPrint\MxPrint.dll
c:\program files (x86)\Maxthon\Modules\MxQRGen\MxQRGen.dll
c:\program files (x86)\Maxthon\Modules\MxSandBox\MxSec.dll
c:\program files (x86)\Maxthon\Modules\MxSiteIcon\MxSiteIcon.dll
c:\program files (x86)\Maxthon\Modules\MxSmartUrl\MxSmartUrl.dll
c:\program files (x86)\Maxthon\Modules\MxStorage\MxStorage.dll
c:\program files (x86)\Maxthon\Modules\MxSvInfo\MxSvInfo.dll
c:\program files (x86)\Maxthon\Modules\MxSync\MxSync.dll
c:\program files (x86)\Maxthon\Modules\MxUrlSec\MxUrlSec.dll
c:\program files (x86)\Nation Toolbar
c:\program files (x86)\Nation Toolbar\Chrome.zip
c:\program files (x86)\Nation Toolbar\chrome_search.exe
c:\program files (x86)\Nation Toolbar\inst.txt
c:\program files (x86)\Nation Toolbar\sheller.exe
c:\program files (x86)\Nation Toolbar\tab.zip
c:\program files (x86)\Nation Toolbar\tabinst.txt
c:\program files (x86)\Nation Toolbar\tbcore3.dll
c:\program files (x86)\Nation Toolbar\tbid.txt
c:\program files (x86)\Nation Toolbar\tbunsr278F.tmp\tbcore3.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 17:41 . 2013-09-17 17:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-17 17:41 . 2013-09-17 17:41    --------    d-----w-    c:\users\asus\AppData\Local\temp
2013-09-17 03:48 . 2013-09-17 07:46    --------    d-----w-    c:\users\asus\AppData\Roaming\BITS
2013-09-17 03:48 . 2013-09-17 03:48    --------    d-----w-    c:\users\asus\AppData\Roaming\FlashgetSetup
2013-09-17 03:48 . 2013-09-17 03:48    --------    d-----w-    c:\program files (x86)\FlashGet Network
2013-09-15 14:53 . 2013-09-15 14:57    --------    d-----w-    c:\users\asus\AppData\Roaming\TP
2013-09-13 18:13 . 2013-09-13 18:13    --------    d-----w-    c:\programdata\Baidu
2013-09-13 18:12 . 2013-09-13 18:12    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-11 03:28 . 2013-08-21 04:11    19246592    ----a-w-    c:\windows\system32\mshtml.dll
2013-09-11 03:27 . 2013-07-09 08:04    120144    ----a-w-    c:\windows\system32\drivers\msgpioclx.sys
2013-09-10 07:18 . 2013-09-10 07:18    --------    d-----w-    c:\users\asus\AppData\Roaming\ImTOO
2013-09-10 07:18 . 2013-09-10 07:18    --------    d-----w-    c:\program files (x86)\ImTOO
2013-09-10 06:43 . 2013-09-10 06:43    --------    d-----w-    c:\users\asus\AppData\Roaming\AVCutty
2013-09-10 06:35 . 2013-09-10 06:35    --------    d-----w-    c:\program files (x86)\Davis Software
2013-09-10 06:32 . 2013-09-10 06:32    --------    d-----w-    c:\users\asus\AppData\Local\Spoon
2013-09-10 06:14 . 2013-09-10 06:14    36864    ----a-w-    c:\windows\unslive.exe
2013-09-10 06:13 . 2013-09-10 06:13    --------    d-----w-    C:\tape-indices
2013-09-10 05:47 . 2013-09-10 05:47    --------    d-----w-    c:\users\asus\AppData\Roaming\Xilisoft
2013-09-10 05:47 . 2013-09-10 05:47    --------    d-----w-    c:\program files (x86)\Xilisoft
2013-09-10 05:18 . 2013-09-10 05:18    --------    d-----w-    c:\program files (x86)\Wondershare
2013-09-10 04:42 . 2013-07-30 14:16    941992    ----a-w-    c:\windows\SysWow64\WPShellExt64.dll
2013-09-10 04:42 . 2013-09-10 04:42    --------    d-----w-    c:\programdata\Wondershare Player
2013-09-10 04:41 . 2013-09-10 04:41    --------    d-----w-    c:\users\asus\AppData\Local\Wondershare
2013-09-10 04:41 . 2013-09-10 04:41    --------    d-----w-    c:\program files (x86)\Common Files\Wondershare
2013-09-08 11:15 . 2013-09-17 17:25    --------    d-----w-    c:\users\asus\AppData\Local\Pokki
2013-09-08 11:13 . 2013-09-08 11:13    --------    d-----w-    c:\users\asus\AppData\Roaming\baidu
2013-09-08 11:12 . 2013-09-08 11:12    --------    d-----w-    c:\programdata\Babylon
2013-09-08 11:03 . 2013-09-08 11:03    --------    d-----w-    c:\program files (x86)\Baidu Security
2013-09-06 19:44 . 2013-09-06 19:45    --------    d-----w-    c:\users\asus\AppData\Local\Facebook
2013-09-06 03:02 . 2013-09-06 03:04    --------    d-----w-    c:\users\Guest
2013-09-05 13:25 . 2013-09-17 14:22    --------    d-----w-    c:\users\asus\AppData\Local\CrashDumps
2013-09-05 02:01 . 2013-09-05 02:01    --------    d-----w-    c:\users\asus\AppData\Roaming\TamoSoft
2013-09-05 02:01 . 2013-09-05 02:01    --------    d-----w-    c:\programdata\TamoSoft
2013-09-05 02:01 . 2013-09-05 02:01    --------    d-----w-    c:\program files (x86)\SmartWhois
2013-09-05 01:21 . 2013-09-05 01:24    --------    d-----w-    c:\program files\CCleaner
2013-09-05 00:49 . 2013-09-05 01:27    --------    d-----w-    c:\programdata\AntiSpyInfo
2013-09-05 00:28 . 2013-09-05 00:33    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-09-04 16:08 . 2013-09-04 16:08    --------    d-----w-    c:\users\asus\AppData\Roaming\Malwarebytes
2013-09-04 16:08 . 2013-09-04 16:08    --------    d-----w-    c:\programdata\Malwarebytes
2013-09-04 16:08 . 2013-09-04 16:08    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-04 16:08 . 2013-04-04 11:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-04 15:59 . 2013-09-04 15:59    270512    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-09-04 02:45 . 2013-09-04 02:45    --------    d-----w-    c:\windows\SysWow64\drivers\UMDF\es-ES
2013-09-04 02:45 . 2013-09-04 02:45    --------    d-----w-    c:\windows\SysWow64\0C0A
2013-09-04 02:44 . 2013-09-04 02:44    --------    d-----w-    c:\windows\system32\0C0A
2013-08-31 03:07 . 2013-08-31 03:07    --------    d-----w-    c:\users\asus\AppData\Local\TechSmith
2013-08-30 05:08 . 2013-08-30 05:08    --------    d-----w-    c:\users\asus\AppData\Roaming\TechSmith
2013-08-30 05:04 . 2013-08-30 05:04    --------    d-----w-    c:\programdata\regid.1995-08.com.techsmith
2013-08-30 05:04 . 2013-08-30 05:04    --------    d-----w-    c:\program files (x86)\QuickTime
2013-08-30 05:04 . 2013-08-30 05:04    --------    d-----w-    c:\program files (x86)\Common Files\TechSmith Shared
2013-08-30 05:03 . 2013-08-30 05:03    --------    d-----w-    c:\programdata\TechSmith
2013-08-30 05:03 . 2013-08-30 05:03    --------    d-----w-    c:\program files (x86)\TechSmith
2013-08-30 04:31 . 2013-08-30 04:31    --------    d-----w-    c:\users\asus\AppData\Local\Programs
2013-08-30 04:10 . 2013-09-15 14:59    --------    d-----w-    c:\users\asus\AppData\Roaming\uTorrent
2013-08-26 05:35 . 2013-08-26 05:35    --------    d-----w-    c:\users\asus\AppData\Local\Deployment
2013-08-26 05:35 . 2013-08-26 05:35    --------    d-----w-    c:\users\asus\AppData\Local\Apps
2013-08-24 01:28 . 2013-08-24 01:48    --------    d-----w-    c:\users\asus\AppData\Roaming\SecondLife
2013-08-24 01:28 . 2013-08-24 01:50    --------    d-----w-    c:\users\asus\AppData\Local\SecondLife
2013-08-24 01:13 . 2013-08-24 01:13    --------    d-----w-    C:\Makena
2013-08-24 01:13 . 2008-10-15 03:22    4379984    ----a-w-    c:\windows\SysWow64\D3DX9_40.dll
2013-08-22 23:14 . 2013-08-22 23:14    --------    d-----w-    c:\users\asus\AppData\Local\Macromedia
2013-08-22 23:11 . 2013-08-23 00:54    --------    d-----w-    c:\users\asus\AppData\Roaming\IMVU
2013-08-22 12:37 . 2013-09-04 02:42    --------    d-----w-    C:\sources
2013-08-21 05:51 . 2013-08-21 05:51    --------    d-----w-    c:\users\asus\AppData\Roaming\Maxthon3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 07:47 . 2013-08-12 19:18    422    ----a-w-    c:\users\asus\AppData\Roaming\sp_data.sys
2013-09-12 09:17 . 2013-08-15 03:44    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-09-05 20:09 . 2012-07-26 08:14    78296    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2012-07-26 08:14    694232    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-14 01:22 . 2012-07-26 08:13    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-13 14:43 . 2013-08-13 14:43    50784    ----a-w-    c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-13 14:43 . 2013-08-13 14:43    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-12 19:26 . 2013-08-12 19:26    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-08-12 19:26 . 2013-08-12 19:26    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-08-12 19:26 . 2013-08-12 19:26    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-12 19:26 . 2013-08-12 19:26    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-12 19:26 . 2013-08-12 19:26    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-08-12 19:26 . 2013-08-12 19:26    188840    ----a-w-    c:\windows\system32\java.exe
2013-08-12 19:26 . 2013-08-12 19:26    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-08-12 19:26 . 2013-08-12 19:26    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-08-12 19:26 . 2013-08-12 19:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-13 06:18 . 2013-08-14 01:25    337408    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 01:25    68096    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-13 06:16 . 2013-08-14 01:25    1889280    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-13 06:15 . 2013-08-14 01:25    124416    ----a-w-    c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-14 01:25    98304    ----a-w-    c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-14 01:25    261120    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 01:25    1568256    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 01:25    87040    ----a-w-    c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 01:25    74240    ----a-w-    c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 01:27    2233168    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-14 02:24    36288    ----a-w-    c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 02:24    247216    ----a-w-    c:\windows\system32\drivers\WdFilter.sys
2013-06-21 01:09 . 2013-06-21 01:09    42184    ----a-w-    c:\windows\system32\drivers\taphss6.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-09-09 11:06    3122864    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll" [2013-09-09 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe" [2013-05-03 24504]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-09-09 2314416]
"Baidu PC Faster 3.7.0.0"="c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" [2013-08-29 1808368]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys;c:\windows\SYSNATIVE\DRIVERS\klelam.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys;c:\windows\SYSNATIVE\DRIVERS\klwfp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 PCFasterSvc_{PCFaster_3.7.0.0};Baidu PC Faster Service 3.7.0.0;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 09:41    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 16:43]
.
2013-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1579019205-3585864088-4210726827-1001Core.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-06 19:44]
.
2013-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1579019205-3585864088-4210726827-1001UA.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-06 19:44]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26 05:35]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26 05:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-15 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-15 399392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-18 13213328]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-07-21 11554176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com.sa/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: ????? ??? ???? Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-12 22:38; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-08-12 22:38; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-08-24 03:31; afext@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF - ExtSQL: 2013-09-09 14:06; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
FF - ExtSQL: 2013-09-17 07:00; WebSiteRecommendation@weliketheweb.com; c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 7c53b2de000000000000685d439f2708
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15956
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.614:14
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=4999
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{76a39c95-086b-44df-bb69-b9e158ecffcf} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\Launcher.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-17  20:45:15
ComboFix-quarantined-files.txt  2013-09-17 17:45
ComboFix2.txt  2013-09-05 15:18
.
Pre-Run: 236,062,035,968 bytes free
Post-Run: 236,119,638,016 bytes free
.
- - End Of File - - 20DA54AD952D002BF4EC5DE270E4D963
 

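The ComboFix log above is where the answer to "why do I still get ads" is visible: the loading points that survive a signature scan are the Run entries, the Browser Helper Object under Wow6432Node, the Firefox extensions listed as `FF - ExtSQL`, and the `FF - user.js` prefs an installer left behind. The script below is an added example for this thread (it is not ComboFix's code and was not posted by anyone in the thread): it parses those sections of the plain-text ComboFix format and summarises them for triage. `SAMPLE_LOG` is constructed from lines of the log posted above; the two heuristics (`userjs_namespaces`, `profile_persistence`) are the author's own triage rules, not ComboFix output.

```python
"""Parse the persistence-related sections of a ComboFix log.

Added example for this thread; not ComboFix's own code. It reads the
plain-text format shown above ("Reg Loading Points", "FF - ExtSQL" and
"FF - user.js" lines) and pulls out the loading points an analyst checks
after an adware cleanup. SAMPLE_LOG is constructed from the posted log.
"""
import re
from dataclasses import dataclass, field

# Key headers and value lines, in the shapes ComboFix prints them.
RUN_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\CurrentVersion\\Run\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[^\]]*\]$')
BHO_KEY_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-F-]{36}\})\]$", re.I)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
FF_EXT_RE = re.compile(r"^FF - ExtSQL: [^;]+; (?P<id>[^;]+); (?P<path>.+)$")
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<name>\S+) -(?: (?P<value>.*))?$")

# Constructed input: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-09-09 11:06    3122864    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe" [2013-05-03 24504]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-09-09 2314416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
FF - ExtSQL: 2013-09-09 14:06; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
FF - ExtSQL: 2013-09-17 07:00; WebSiteRecommendation@weliketheweb.com; c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\oxczlsci.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=4999
"""


@dataclass
class LoadingPoints:
    run_entries: list = field(default_factory=list)    # (value name, exe path)
    bhos: list = field(default_factory=list)           # (CLSID, dll path)
    ff_extensions: list = field(default_factory=list)  # (extension id, path)
    ff_prefs: dict = field(default_factory=dict)       # user.js pref -> value


def parse_combofix(text):
    """Walk the log line by line, tracking which registry key we are under."""
    lp = LoadingPoints()
    section = None  # "run", ("bho", clsid) or None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix separates blocks with lone dots
        if line.startswith("["):
            m = BHO_KEY_RE.search(line)
            if m:
                section = ("bho", m.group(1).upper())
            elif RUN_KEY_RE.match(line):
                section = "run"
            else:
                section = None
            continue
        if section == "run":
            m = RUN_VALUE_RE.match(line)
            if m:
                lp.run_entries.append((m.group("name"), m.group("path")))
        elif isinstance(section, tuple):
            m = FILE_LINE_RE.match(line)
            if m:
                lp.bhos.append((section[1], m.group("path")))
        m = FF_EXT_RE.match(line)
        if m:
            lp.ff_extensions.append((m.group("id"), m.group("path")))
        m = FF_PREF_RE.match(line)
        if m:
            lp.ff_prefs[m.group("name")] = m.group("value") or ""
    return lp


def userjs_namespaces(lp):
    """Firefox never creates user.js itself; 'extensions.<vendor>.*' prefs
    found there were dropped by an installer, so the vendor names are leads."""
    names = set()
    for pref in lp.ff_prefs:
        parts = pref.split(".")
        if len(parts) >= 3 and parts[0] == "extensions":
            names.add(parts[1])
    return names


def profile_persistence(lp):
    """Loading points whose binary lives under a user profile rather than
    Program Files: the usual home of bundled adware and toolbars."""
    hits = []
    for kind, items in (("run", lp.run_entries), ("bho", lp.bhos),
                        ("ffext", lp.ff_extensions)):
        for name, path in items:
            if re.search(r"\\users\\|%(?:local)?appdata%", path, re.I):
                hits.append((kind, name, path))
    return hits


if __name__ == "__main__":
    lp = parse_combofix(SAMPLE_LOG)
    print("Run entries:", lp.run_entries)
    print("BHOs:", lp.bhos)
    print("user.js namespaces:", userjs_namespaces(lp))
    for hit in profile_persistence(lp):
        print("profile-resident loading point:", hit)
```

Run it against a full `C:\ComboFix.txt` by reading the file into `parse_combofix`. On the sample it reports the `delta` and `delta_i` pref namespaces and flags the `WebSiteRecommendation@weliketheweb.com` extension sitting inside the Firefox profile, which is exactly the kind of browser-side persistence a Malwarebytes scan of the filesystem can miss.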

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Windows Defender or Kaspersky.


I should have my coffee before answering... :(

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.17.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
asus :: ASUS1 [administrator]

Protection: Disabled

9/19/2013 7:59:04 PM
mbam-log-2013-09-19 (19-59-04).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461384
Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\Users\asus\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e14 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3441HU74\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\a2zLyrics_1060-8102_v122.exe (PUP.Optional.Adtool) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\BI_RunOnce.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\minibar-master.exe (PUP.Optional.MiniBar.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\Tsu7C9A37A3.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\{B5B3ED58-0B59-4024-A2CF-437B6E50CFAE}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\asus\AppData\Local\temp\{B5B3ED58-0B59-4024-A2CF-437B6E50CFAE}\Addons\assistant_v3.exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\Users\asus\Downloads\7ZipSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\asus\Downloads\Mazika2daY.CoM.Microsoft Toolkit v2.4.2 Final.rar.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Quarantined and deleted successfully.

(end)
 


This topic is now closed to further replies.