
Shortcuts to All Files in Removable Disk


13 replies to this topic

#1 Dreamchaser_jc


Posted 01 November 2013 - 09:47 AM

Dear all,

 

I was using my friend's laptop to work from it but all the files and folders in my USB device have become shortcuts. Every device that is plugged in will end up with the same fate. To clean them, I have to scan them on another computer and reset the attribute from the Command Prompt. Avast scan results will always yield infected .exe files with a long name.

 

I hope someone could help me return the laptop to her, cleaned.

 

Here's the DDS log. Thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660
Run by jemiah at 22:29:23 on 2013-11-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.60.1033.18.1012.128 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\UMonit.exe
C:\Program Files\OSD\OSD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Connection Manager\Bin\mcserver.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Connection Manager\Bin\dbus-daemon.exe
C:\Program Files\Connection Manager\Bin\db_daemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Screen Saver Pro 3.1] c:\users\jemiah\appdata\roaming\ScreenSaverPro.scr
uRun: [Nrctcg] c:\users\jemiah\appdata\roaming\microsoft\Nrctcg.exe
uRun: [HW_OPENEYE_OUC_Celcom Broadband Manager] "c:\program files\celcom broadband manager\updatedog\ouc.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UMonit] c:\windows\system32\UMonit.exe
mRun: [FounderOSD] c:\program files\osd\OSD.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mctlsvc.lnk - c:\program files\connection manager\bin\mcserver.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{24BF8FD4-8D4D-4C96-A074-F284E425F4A5} : DHCPNameServer = 221.5.88.88 192.168.100.1
TCP: Interfaces\{37FB366F-CE6D-497E-8ABF-8893A5286BA3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{64F105D7-1B17-4229-AC1D-E33D4C49897F}\A616E61623131303 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-12-24 13592]
R3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-9-7 2704640]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-11-1 73216]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2011-12-24 1291840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-24 414824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-11-1 102784]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2013-11-1 353280]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-7-28 9216]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-22 52224]
S3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\drivers\ustor2k.sys [2012-1-6 29312]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-5-27 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-11-01 14:20:12    141824    --sha-w-    c:\users\jemiah\appdata\roaming\microsoft\Nrctcg.exe
2013-11-01 12:12:25    --------    d-----w-    c:\users\jemiah\appdata\roaming\Celcom Broadband Manager
2013-11-01 12:09:36    --------    d-----w-    c:\program files\Celcom Broadband Manager
2013-11-01 12:04:49    --------    d-----w-    c:\programdata\DatacardService
2013-10-27 04:23:52    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{4af1afdb-04ca-4c42-b3e8-ab2c3ef2b4e0}\offreg.dll
2013-10-08 05:54:17    141824    ----a-w-    c:\users\jemiah\appdata\roaming\temp.bin
.
==================== Find3M  ====================
.
2013-08-11 10:52:36    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 20:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:30:52.02 ===============
 





#2 Aaflac

Malware Response Team

Posted 01 November 2013 - 11:40 AM

Dreamchaser_jc,

Welcome to BC forums!

Please do the following...


Step 1: To stop the Autorun feature, download and run the following:
Microsoft Fix It 50471
http://support.microsoft.com/kb/967715
Scroll down to: How to disable or enable all Autorun features in Windows 7 and other operating systems

Click Run in the File Download dialog box, and follow the steps of the wizard.

Note: There is an option to enable Autorun automatically. You can do so later, if you wish.

Reboot the system after applying the Microsoft FixIt.



Step 2: Please click on the Windows 7 Start button and then on Control Panel

In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.



Step 3: Next, download UsbFix:
http://www.usbfix.net/
Press the green Download button.
Save to the Desktop.


In the next step, a window requesting the connection of removable drives appears. Please connect the problem USB drive when requested!


Right-click the downloaded USBFix file and select: Run as Administrator

Press: Research

This option scans the connected drives, and reports its infected Files and Folders

When done, the program closes on its own, and a report appears.

(The report file is also found at C:\UsbFix.txt)


>> Please post the UsbFix.txt (Research) report in your reply.




Step 4: Once again, run USBFix as Administrator, but, this time, press: Listing

It creates a report of all the Folders and Files found at the root of every hard drive, partition, or removable drive connected.


>> Also post the UsbFix.txt (Listing) report in your reply.


Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

Restart your computer.

When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu

Using the arrow keys, select: Safe Mode

Press the Enter key on your keyboard to boot into the selected mode.


Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:

Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV program.



Step 5: Last, please download the Farbar Recovery Scan Tool

Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the version that applies to your system.

Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.


Press the Scan button.


The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.


The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

Edited by Aaflac, 01 November 2013 - 11:42 AM.

Old duck...
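
Added example (not part of Aaflac's post and not UsbFix code): a way to triage the Research and Listing reports requested above, flagging each hidden item that has a visible `.lnk` of the same name beside it and each MD5 that appears under more than one path. The function names are hypothetical, and the sample lines are constructed in the line format UsbFix reports use.

```python
import re
from collections import defaultdict

# Shape of a UsbFix [Listing] line; directories carry no size field.
LISTING_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) \| ([A-Z]+)\s*"
    r"(?:\| (\d+))?\]\s+(.+?)\s*$"
)
# Shape of an MD5 line in the Research report (with or without "Found ! ").
MD5_RE = re.compile(r"Md5 : ([0-9A-Fa-f]{32}) -> (.+?)\s*$")

# Constructed sample input, not taken from a real report.
SAMPLE_LISTING = r"""
[04/09/2012 - 10:32:50 | SHD ]     F:\Reports
[02/11/2013 - 20:00:02 | N | 1756]     F:\Reports.lnk
[25/09/2013 - 15:49:06 | SH | 138765]     F:\map.pdf
[02/11/2013 - 20:00:04 | N | 1758]     F:\map.pdf.lnk
[01/10/2013 - 09:00:00 | A | 2048]     F:\notes.txt
[01/10/2013 - 09:00:00 | A | 900]     F:\tool.lnk
[14/05/2012 - 20:57:00 | SHD ]     C:\$Recycle.Bin
"""

# Constructed sample input; the hashes are placeholders.
SAMPLE_MD5 = r"""
Found ! Md5 : 0123456789ABCDEF0123456789ABCDEF -> C:\Users\user\AppData\Roaming\example_a.exe
Md5 : 0123456789abcdef0123456789abcdef -> F:\example_b.exe
Md5 : ffffffffffffffffffffffffffffffff -> F:\unrelated.exe
"""


def parse_listing(report):
    """Return one dict per Listing line; lines in any other shape are skipped."""
    entries = []
    for line in report.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        date, time, attrs, size, path = m.groups()
        entries.append({
            "date": date,
            "time": time,
            "attrs": set(attrs),               # e.g. {"S", "H", "D"}
            "size": int(size) if size else None,
            "path": path,
        })
    return entries


def find_shortcut_pairs(entries):
    """Pair every hidden item with a non-hidden '<name>.lnk' next to it.

    A lone .lnk or a lone hidden item is normal; the pair is the symptom
    described in this thread (originals hidden, shortcuts left visible).
    """
    by_path = {e["path"].lower(): e for e in entries}  # Windows paths ignore case
    pairs = []
    for e in entries:
        if "H" not in e["attrs"]:
            continue
        lnk = by_path.get(e["path"].lower() + ".lnk")
        if lnk is not None and "H" not in lnk["attrs"]:
            pairs.append((e["path"], lnk["path"]))
    return pairs


def duplicate_hashes(report):
    """Map each MD5 seen under more than one path to its sorted path list."""
    paths = defaultdict(set)
    for line in report.splitlines():
        m = MD5_RE.search(line)
        if m:
            paths[m.group(1).lower()].add(m.group(2))
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


if __name__ == "__main__":
    for original, shortcut in find_shortcut_pairs(parse_listing(SAMPLE_LISTING)):
        print("hidden original:", original, "| visible shortcut:", shortcut)
    for digest, where in duplicate_hashes(SAMPLE_MD5).items():
        print("same file under several names:", digest, where)
```
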


#3 Dreamchaser_jc


Posted 02 November 2013 - 12:09 PM

Hi,

 

Thanks for the reply.

 

Sorry for the delay in posting my logs. In addition to that, I'd like to note that each time Windows starts, I get a "Dial-up Connection" popup and after that, every time I execute a program under "Run as Administrator". My Task Manager shows mspaint.exe running even though I don't have Paint open. Terminating it is also useless.

 

############################## | UsbFix V 7.148 | [Research]

User: jemiah (Administrator) # JEMIAH-AEROG
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 19:59:54 | 02/11/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: AeroGATE (H-S30N)
CPU: Intel® Atom™ CPU N455   @ 1.66GHz
RAM -> [Total : 1012 | Free : 89]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 59 Gb (23 Mb free - 39%) [os] # NTFS
D:\ -> Fixed drive # 40 Gb (34 Mb free - 86%) [PROGRAM] # NTFS
E:\ -> Fixed drive # 41 Gb (40 Mb free - 99%) [data] # NTFS
F:\ -> Removable drive # 4 Gb (641 Mb free - 17%) [SANDBOX] # FAT32

################## | Reference of comparison MD5 |

Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\temp.bin
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> F:\.Trashes\e8b2c69b.exe

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 476 |ParentID: 464)
C:\Windows\system32\wininit.exe (ID: 528 |ParentID: 464)
C:\Windows\system32\csrss.exe (ID: 536 |ParentID: 520)
C:\Windows\system32\services.exe (ID: 600 |ParentID: 528)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 520)
C:\Windows\system32\lsass.exe (ID: 644 |ParentID: 528)
C:\Windows\system32\lsm.exe (ID: 652 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 764 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 860 |ParentID: 600)
C:\Windows\System32\svchost.exe (ID: 920 |ParentID: 600)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1076 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1352 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1492 |ParentID: 600)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1532 |ParentID: 600)
C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 600)
C:\ProgramData\DatacardService\HWDeviceService.exe (ID: 1772 |ParentID: 600)
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (ID: 1876 |ParentID: 600)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2008 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 2028 |ParentID: 600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 384 |ParentID: 600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1996 |ParentID: 384)
C:\Windows\system32\taskhost.exe (ID: 2544 |ParentID: 600)
C:\Windows\system32\Dwm.exe (ID: 2652 |ParentID: 996)
C:\Windows\Explorer.EXE (ID: 2676 |ParentID: 2604)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2820 |ParentID: 1772)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 2920 |ParentID: 2676)
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (ID: 2940 |ParentID: 2676)
C:\Windows\System32\igfxtray.exe (ID: 2960 |ParentID: 2676)
C:\Windows\System32\hkcmd.exe (ID: 2980 |ParentID: 2676)
C:\Windows\System32\igfxpers.exe (ID: 2992 |ParentID: 2676)
C:\Windows\System32\UMonit.exe (ID: 3048 |ParentID: 2676)
C:\Program Files\OSD\OSD.exe (ID: 3104 |ParentID: 2676)
C:\Windows\system32\igfxsrvc.exe (ID: 3140 |ParentID: 764)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3152 |ParentID: 2676)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3164 |ParentID: 2676)
C:\Program Files\Connection Manager\Bin\mcserver.exe (ID: 3380 |ParentID: 2676)
C:\Users\jemiah\AppData\Roaming\Celcom Broadband Manager\ouc.exe (ID: 3412 |ParentID: 3336)
C:\Windows\system32\cmd.exe (ID: 3472 |ParentID: 3380)
C:\Windows\system32\conhost.exe (ID: 3492 |ParentID: 536)
C:\Program Files\Connection Manager\Bin\dbus-daemon.exe (ID: 3528 |ParentID: 3472)
C:\Windows\system32\SearchIndexer.exe (ID: 3540 |ParentID: 600)
C:\Program Files\Connection Manager\Bin\db_daemon.exe (ID: 3576 |ParentID: 3528)
C:\Windows\system32\svchost.exe (ID: 3696 |ParentID: 3248)
C:\Windows\system32\mspaint.exe (ID: 3728 |ParentID: 3696)
C:\Windows\system32\DllHost.exe (ID: 1504 |ParentID: 764)
C:\Windows\system32\svchost.exe (ID: 2524 |ParentID: 600)
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 2416 |ParentID: 600)
C:\Windows\system32\sppsvc.exe (ID: 2872 |ParentID: 600)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2932 |ParentID: 3540)
C:\Windows\System32\svchost.exe (ID: 3692 |ParentID: 600)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 4052 |ParentID: 1076)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3600 |ParentID: 764)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1320 |ParentID: 764)
C:\Windows\system32\SearchFilterHost.exe (ID: 988 |ParentID: 3540)
C:\UsbFix\Go.exe (ID: 1676 |ParentID: 4008)
C:\Windows\System32\WUDFHost.exe (ID: 2768 |ParentID: 996)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [UMonit] - C:\Windows\system32\UMonit.exe
HKLM\SOFTWARE | Run : [FounderOSD] - C:\Program Files\OSD\OSD.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Screen Saver Pro 3.1] - C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Nrctcg] - C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [HW_OPENEYE_OUC_Celcom Broadband Manager] - "C:\Program Files\Celcom Broadband Manager\UpdateDog\ouc.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Research |

Found ! C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe
Found ! F:\SKT.lnk
Found ! F:\SM.lnk
Found ! F:\HOST.lnk
Found ! F:\TOR.lnk
Found ! F:\Applications.lnk
Found ! F:\PRINT.lnk
Found ! F:\intropage.htm.lnk
Found ! F:\autorun.inf.lnk
Found ! F:\Softwares.lnk
Found ! F:\._.Trashes.lnk
Found ! F:\79.zip.lnk
Found ! F:\.Trashes.lnk
Found ! F:\.Spotlight-V100.lnk
Found ! F:\.fseventsd.lnk
Found ! F:\update_on_virology0001.tif.lnk
Found ! F:\PHA-razip.lnk
Found ! F:\.apdisk.lnk
Found ! F:\Participants.xlsx.lnk
Found ! F:\BC_Sites.lnk
Found ! F:\winrecoveryconsole.iso.lnk
Found ! F:\The_Hemolyzed_Specimen.pdf.lnk
Found ! F:\KNote.lnk
Found ! F:\TEMp.lnk
Found ! F:\map.pdf.lnk
Found ! F:\TechTalk_Jan2004_What_is_Hemolysis.pdf.lnk
Found ! F:\Append.docx.lnk
Found ! F:\GelDoc_User_2011-01-18_13hr_08min.jpg.lnk
Found ! F:\KeyNote_NF.lnk
Found ! F:\Managing-Preanalytical-Variables1.pdf.lnk
Found ! F:\QA.docx.lnk
Found ! F:\RoA.xlsx.lnk
Found ! F:\NaF_--_an_ineffective_inhibitor_of_glycolysis.pdf.lnk
Found ! F:\Gmail_-_Fwd__FedEx_AWB_794901165596,_from_Brisbane,_AU.pdf.lnk
Found ! F:\Cleaning.lnk
Found ! F:\CLSI_M100_2012.pdf.lnk
Found ! F:\Arahan_Kerja_Edit.lnk
Found ! F:\Note_to_PKBP.docx.lnk
Found ! F:\Cycle_1_2013.docx.lnk
Found ! F:\Monthly_QC_-_Components.docx.lnk
Found ! F:\cme_microbe.pptx.lnk
Found ! F:\Pengurusan_Patologi.docx.lnk
Found ! F:\Namelist_Pathology.docx.lnk
Found ! F:\ETest_Reading_print_for_lab.pdf.lnk
Found ! F:\Blood_Culture_Contamination.pdf.lnk
Found ! F:\CME_beta-lac_Announcement.docx.lnk
Found ! F:\Q.docx.lnk
Found ! F:\JC_d_Prelims.doc.lnk
Found ! F:\BACKUP.lnk
Found ! F:\Imipenem-Induced_Resistance_to_Antipseudomonal_f-Lactams_in_Pa.pdf.lnk
Found ! F:\swf.txt.lnk
Found ! F:\Whatchamacallit_lactamases.pptx.lnk
Found ! F:\Vids.lnk
Found ! F:\JC_d_edit_field.doc.lnk
Found ! F:\Maklum_balas_laporan_audit_dari_HSA_6_jun_2013.doc.lnk
Found ! F:\Can_the_Etest_Correctly_Determine_the_MICs_of_Lactam_and_Cephalosporin_Antibiotics_for_BLNAR_H_influenzae.pdf.lnk
Found ! F:\Persistence_of_Humoral_Response_against_Sporozoite_and_Blood-Stage_Malaria.pdf.lnk
Found ! F:\Ammendments_to_the_Thesis.docx.lnk
Found ! F:\Letter_for_MSL_International_students.docx.lnk
Found ! F:\Letter_of_MSL_Local_students.docx.lnk
Found ! F:\Transfer.lnk
Found ! F:\RECYCLER.lnk
Found ! F:\Letter_for_Embassy_of_Thailand.docx.lnk
Found ! F:\August_2013.xlsx.lnk
Found ! F:\Comparison_of_Three_Commercially_Available_Dengue_NS1_Antigen.pdf.lnk
Found ! F:\FORMAT_PERUNTUKKAN_DAN_PERBELANJAAN_2012-2013.xls.lnk
Found ! F:\Log_Book_Pegawai_Sains_C41_&_C44.doc.lnk
Found ! F:\lepto13091706_repeat.pdf.lnk
Found ! F:\CSF_preservation.pdf.lnk
Found ! F:\CPD_Log.pdf.lnk
Found ! F:\BB_Meeting_-_Mobile.pptx.lnk
Found ! F:\Rubber_Stamp.docx.lnk
Found ! F:\Sero_YoY.xlsx.lnk
Found ! F:\Tracing_PDN_Results_for_BATU_PAHAT.xlsx.lnk
Found ! F:\REAGENT_ABIS_2.doc.lnk
Found ! F:\SULIT_SEPT._13.doc.lnk
Found ! F:\Attendance_-_Perkhidmatan_Patologi.docx.lnk
Found ! F:\Attendance_-_HTC.docx.lnk
Found ! F:\Visio-Dinner.pdf.lnk
Found ! F:\ARCHITECT_CME.docx.lnk
Found ! F:\Q13-01134_®-HBATU_PAHAT_ARC.pdf.lnk
Found ! F:\OttercodeS_Soundboard_1_0_0_0.zip.lnk
Found ! F:\OttercodeS_Soundboard_1_0_0_0.lnk
Found ! F:\soundboard.zip.lnk
Found ! F:\background1.pptx.lnk
Found ! F:\TS102895255.potx.lnk
Found ! F:\TS001090287.pot.lnk
Found ! F:\MERS_CoV.docx.lnk
Found ! F:\MERS-CoV-J.pptx.lnk
Found ! F:\MERS-CoV-J-patho-Ver.pptx.lnk
Found ! F:\Julian_USM_mtsf.ppt.lnk
Found ! F:\Impregnable.ttf.lnk
Found ! F:\Letter_Head_Baru.lnk
Found ! F:\BOOTEX.LOG.lnk
Found ! F:\usbstor.inf.lnk
Found ! F:\MicrosoftFixit50471.msi.lnk
Found ! F:\.Trashes\e8b2c69b.exe
Found ! C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Found ! C:\Users\jemiah\AppData\Roaming\temp.bin
Found ! F:\.Trashes\Desktop.ini
Found ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Comparison MD5 |

Found ! Md5 : C1877F39F100C4F27C2E9D31F6EACB06 -> C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe
Found ! Md5 : C1877F39F100C4F27C2E9D31F6EACB06 -> C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Found ! Md5 : C1877F39F100C4F27C2E9D31F6EACB06 -> F:\.Trashes\e8b2c69b.exe
Found ! Md5 : C1877F39F100C4F27C2E9D31F6EACB06 -> F:\GwNbiuIBXLEtkeo.exe

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Found ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\Microsoft\Windows\CurrentVersion\Run|Nrctcg
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Nrctcg
Found ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\Microsoft\Windows\CurrentVersion\Run|Screen Saver Pro 3.1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Screen Saver Pro 3.1

################## | Vaccin |

F:\autorun.inf -> Vaccine created by Flash_Disinfector (sUBs)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |




############################## | UsbFix V 7.148 | [Listing]

User: jemiah (Administrator) # JEMIAH-AEROG
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 00:55:59 | 03/11/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: AeroGATE (H-S30N)
CPU: Intel® Atom™ CPU N455   @ 1.66GHz
RAM -> [Total : 1012 | Free : 312]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 59 Gb (23 Mb free - 39%) [os] # NTFS
D:\ -> Fixed drive # 40 Gb (34 Mb free - 86%) [PROGRAM] # NTFS
E:\ -> Fixed drive # 41 Gb (40 Mb free - 99%) [data] # NTFS
F:\ -> Removable drive # 4 Gb (641 Mb free - 17%) [SANDBOX] # FAT32

################## | Listing |

[14/05/2012 - 20:57:00 | SHD ]     C:\$Recycle.Bin
[11/06/2009 - 05:42:20 | A | 24]     C:\autoexec.bat
[11/06/2009 - 05:42:20 | A | 10]     C:\config.sys
[28/07/2012 - 21:10:56 | A | 5402]     C:\debug1214.txt
[24/12/2011 - 07:25:58 | AD ]     C:\Digital Literacy
[14/07/2009 - 12:53:55 | SHD ]     C:\Documents and Settings
[02/02/2012 - 06:13:11 | D ]     C:\E-learning
[02/11/2013 - 19:53:58 | ASH | 796061696]     C:\hiberfil.sys
[24/12/2011 - 05:41:58 | D ]     C:\Intel
[06/01/2012 - 15:52:42 | RASH | 0]     C:\IO.SYS
[24/12/2011 - 02:28:46 | D ]     C:\LE20
[02/02/2012 - 08:28:08 | D ]     C:\MSDN Learning Content
[06/01/2012 - 15:52:42 | RASH | 0]     C:\MSDOS.SYS
[02/02/2012 - 06:00:19 | D ]     C:\MSIS INSTALL GUIDE
[14/05/2012 - 21:07:07 | RHD ]     C:\MSOCache
[02/11/2013 - 19:54:00 | ASH | 1073741824]     C:\pagefile.sys
[14/07/2009 - 10:37:05 | D ]     C:\PerfLogs
[01/11/2013 - 23:11:48 | RD ]     C:\Program Files
[01/11/2013 - 23:09:39 | HD ]     C:\ProgramData
[01/11/2013 - 22:19:34 | A | 525]     C:\rkill.log
[02/11/2013 - 19:51:55 | SHD ]     C:\System Volume Information
[03/11/2013 - 00:56:03 | D ]     C:\UsbFix
[03/11/2013 - 00:56:04 | A | 2327]     C:\UsbFix [Listing 1 ] JEMIAH-AEROG.txt
[02/11/2013 - 20:11:50 | A | 12440]     C:\UsbFix [Scan 1] JEMIAH-AEROG.txt
[14/05/2012 - 20:56:35 | RD ]     C:\Users
[01/11/2013 - 23:10:51 | D ]     C:\Windows
[14/05/2012 - 20:57:00 | D ]     D:\$RECYCLE.BIN
[31/10/2013 - 11:38:00 | D ]     D:\J
[27/09/2013 - 09:49:29 | D ]     D:\Jana2013
[15/05/2012 - 11:55:37 | D ]     D:\System Volume Information
[01/11/2013 - 23:44:44 | D ]     D:\transfer
[14/05/2012 - 20:57:00 | SHD ]     E:\$RECYCLE.BIN
[31/05/2006 - 08:59:26 | A | 4150]     E:\app.ico
[06/01/2012 - 14:51:05 | D ]     E:\Driver
[28/07/2012 - 23:25:56 | D ]     E:\Jalilah
[06/01/2012 - 00:21:41 | SHD ]     E:\System Volume Information
[17/10/2009 - 15:15:06 | SHD ]     F:\Applications
[15/02/2007 - 16:56:16 | SH | 6977]     F:\intropage.htm
[30/12/2010 - 19:46:52 | SHD ]     F:\autorun.inf
[30/12/2010 - 19:47:36 | SHD ]     F:\Softwares
[04/09/2012 - 10:32:50 | SH | 4096]     F:\._.Trashes
[23/04/2013 - 17:29:50 | SH | 167353]     F:\79.zip
[04/09/2012 - 10:32:50 | SHD ]     F:\.Trashes
[04/09/2012 - 10:32:50 | SHD ]     F:\.Spotlight-V100
[31/12/2010 - 12:18:34 | SHD ]     F:\RECYCLER
[04/09/2012 - 10:32:50 | SHD ]     F:\.fseventsd
[23/05/2013 - 11:30:08 | SH | 8946380]     F:\update_on_virology0001.tif
[04/09/2012 - 10:34:50 | SHD ]     F:\PHA-razip
[04/09/2012 - 10:41:16 | SH | 293]     F:\.apdisk
[22/04/2013 - 16:04:52 | SH | 13419]     F:\Participants.xlsx
[28/05/2013 - 11:51:58 | SHD ]     F:\SKT
[03/01/2011 - 14:58:34 | SHD ]     F:\BC_Sites
[03/01/2011 - 14:58:54 | SH | 7716864]     F:\winrecoveryconsole.iso
[07/05/2013 - 11:00:06 | SH | 453646]     F:\The_Hemolyzed_Specimen.pdf
[28/12/2010 - 15:44:06 | SHD ]     F:\KNote
[29/07/2013 - 05:04:12 | SHD ]     F:\TEMp
[25/09/2013 - 15:49:06 | SH | 138765]     F:\map.pdf
[24/10/2013 - 14:42:28 | SHD ]     F:\SM
[07/05/2013 - 10:59:36 | SH | 118708]     F:\TechTalk_Jan2004_What_is_Hemolysis.pdf
[31/07/2013 - 15:27:12 | SH | 30720]     F:\Append.docx
[02/11/2013 - 20:00:02 | N | 1756]     F:\SKT.lnk
[18/01/2011 - 13:09:10 | SH | 104399]     F:\GelDoc_User_2011-01-18_13hr_08min.jpg
[19/01/2011 - 18:29:14 | SHD ]     F:\KeyNote_NF
[27/05/2013 - 10:05:30 | SH | 1041893]     F:\Managing-Preanalytical-Variables1.pdf
[23/01/2011 - 12:20:14 | SHD ]     F:\HOST
[01/07/2013 - 10:11:46 | SH | 1199990]     F:\QA.docx
[08/04/2013 - 17:03:44 | SH | 11137]     F:\RoA.xlsx
[28/05/2013 - 18:31:52 | SH | 154571]     F:\NaF_--_an_ineffective_inhibitor_of_glycolysis.pdf
[27/03/2013 - 14:20:30 | SH | 51480]     F:\Gmail_-_Fwd__FedEx_AWB_794901165596,_from_Brisbane,_AU.pdf
[02/11/2013 - 20:00:02 | N | 1754]     F:\SM.lnk
[21/03/2011 - 21:28:30 | SHD ]     F:\Cleaning
[01/08/2013 - 12:19:00 | SH | 2047609]     F:\CLSI_M100_2012.pdf
[05/08/2013 - 09:23:26 | SHD ]     F:\Arahan_Kerja_Edit
[27/06/2013 - 16:07:50 | SH | 12295]     F:\Note_to_PKBP.docx
[21/08/2013 - 08:47:18 | SH | 43093]     F:\Cycle_1_2013.docx
[28/06/2013 - 11:15:34 | SH | 20546]     F:\Monthly_QC_-_Components.docx
[22/08/2013 - 14:25:22 | SH | 347703]     F:\cme_microbe.pptx
[01/07/2013 - 12:06:04 | SH | 279763]     F:\Pengurusan_Patologi.docx
[02/07/2013 - 09:53:24 | SH | 14018]     F:\Namelist_Pathology.docx
[19/07/2013 - 11:54:28 | SH | 4276016]     F:\ETest_Reading_print_for_lab.pdf
[05/08/2013 - 17:34:24 | SH | 56741]     F:\Blood_Culture_Contamination.pdf
[11/01/2012 - 01:02:52 | SHD ]     F:\TOR
[21/08/2013 - 09:22:38 | SH | 531968]     F:\CME_beta-lac_Announcement.docx
[19/07/2013 - 11:17:58 | SH | 90112]     F:\Q.docx
[19/07/2013 - 08:34:40 | SH | 1438404]     F:\Imipenem-Induced_Resistance_to_Antipseudomonal_f-Lactams_in_Pa.pdf
[02/09/2013 - 12:00:52 | SH | 59904]     F:\JC_d_Prelims.doc
[19/07/2013 - 08:36:12 | SH | 63]     F:\swf.txt
[22/08/2013 - 15:31:10 | SH | 2608000]     F:\Whatchamacallit_lactamases.pptx
[02/04/2012 - 00:31:34 | SHD ]     F:\PRINT
[20/08/2013 - 00:33:48 | SH | 2799104]     F:\Maklum_balas_laporan_audit_dari_HSA_6_jun_2013.doc
[02/11/2013 - 20:00:04 | N | 1758]     F:\HOST.lnk
[07/04/2012 - 13:56:42 | SHD ]     F:\Vids
[19/07/2013 - 12:04:42 | SH | 42223]     F:\Can_the_Etest_Correctly_Determine_the_MICs_of_Lactam_and_Cephalosporin_Antibiotics_for_BLNAR_H_influenzae.pdf
[22/07/2013 - 08:34:04 | SH | 145040]     F:\Persistence_of_Humoral_Response_against_Sporozoite_and_Blood-Stage_Malaria.pdf
[02/09/2013 - 11:43:14 | SH | 3694592]     F:\JC_d_edit_field.doc
[02/09/2013 - 15:56:58 | SH | 18375]     F:\Ammendments_to_the_Thesis.docx
[03/09/2013 - 08:49:02 | SH | 26151]     F:\Letter_for_MSL_International_students.docx
[03/09/2013 - 08:49:08 | SH | 27726]     F:\Letter_of_MSL_Local_students.docx
[03/09/2013 - 08:48:50 | SH | 25670]     F:\Letter_for_Embassy_of_Thailand.docx
[09/09/2013 - 12:22:56 | SH | 16281]     F:\August_2013.xlsx
[21/05/2013 - 17:04:14 | SH | 278613]     F:\Comparison_of_Three_Commercially_Available_Dengue_NS1_Antigen.pdf
[09/09/2013 - 16:19:42 | SH | 26624]     F:\FORMAT_PERUNTUKKAN_DAN_PERBELANJAAN_2012-2013.xls
[17/09/2013 - 12:17:42 | SH | 788480]     F:\Log_Book_Pegawai_Sains_C41_&_C44.doc
[17/09/2013 - 16:19:12 | SH | 19101]     F:\lepto13091706_repeat.pdf
[23/09/2013 - 13:19:40 | SH | 314657]     F:\CSF_preservation.pdf
[26/07/2013 - 08:28:18 | SH | 106939]     F:\CPD_Log.pdf
[02/11/2013 - 20:00:08 | N | 1756]     F:\TOR.lnk
[27/09/2013 - 11:18:30 | SH | 137400]     F:\BB_Meeting_-_Mobile.pptx
[08/10/2013 - 10:45:32 | SH | 15716]     F:\Rubber_Stamp.docx
[08/10/2013 - 10:27:50 | SH | 11072]     F:\Sero_YoY.xlsx
[10/10/2013 - 12:24:42 | SH | 10434]     F:\Tracing_PDN_Results_for_BATU_PAHAT.xlsx
[04/10/2013 - 18:32:30 | SH | 1891840]     F:\REAGENT_ABIS_2.doc
[08/10/2013 - 11:48:56 | SH | 108544]     F:\SULIT_SEPT._13.doc
[08/10/2013 - 14:31:36 | SH | 13908]     F:\Attendance_-_Perkhidmatan_Patologi.docx
[08/10/2013 - 14:31:54 | SH | 13964]     F:\Attendance_-_HTC.docx
[11/10/2013 - 15:49:30 | SH | 50503]     F:\Visio-Dinner.pdf
[22/10/2013 - 16:07:14 | SH | 303685]     F:\ARCHITECT_CME.docx
[23/10/2013 - 08:10:56 | SH | 133223]     F:\Q13-01134_®-HBATU_PAHAT_ARC.pdf
[24/10/2013 - 11:57:34 | SH | 992660]     F:\OttercodeS_Soundboard_1_0_0_0.zip
[24/10/2013 - 12:18:46 | SHD ]     F:\OttercodeS_Soundboard_1_0_0_0
[24/10/2013 - 12:19:30 | SH | 52026]     F:\soundboard.zip
[25/10/2013 - 18:00:52 | SH | 46485]     F:\background1.pptx
[25/10/2013 - 17:18:08 | SH | 814290]     F:\TS102895255.potx
[25/10/2013 - 17:17:30 | SH | 357376]     F:\TS001090287.pot
[01/11/2013 - 08:39:04 | SH | 279893]     F:\MERS_CoV.docx
[01/11/2013 - 09:28:56 | SH | 2108740]     F:\MERS-CoV-J.pptx
[02/11/2013 - 20:00:00 | N | 1774]     F:\Applications.lnk
[02/11/2013 - 20:00:08 | N | 1760]     F:\PRINT.lnk
[01/11/2013 - 14:36:14 | SH | 2108740]     F:\MERS-CoV-J-patho-Ver.pptx
[02/11/2013 - 20:00:00 | N | 1736]     F:\intropage.htm.lnk
[02/11/2013 - 20:00:00 | N | 1772]     F:\autorun.inf.lnk
[02/11/2013 - 20:00:00 | N | 1768]     F:\Softwares.lnk
[02/11/2013 - 20:00:00 | N | 1730]     F:\._.Trashes.lnk
[02/11/2013 - 20:00:00 | N | 1722]     F:\79.zip.lnk
[02/11/2013 - 20:00:00 | N | 1766]     F:\.Trashes.lnk
[02/11/2013 - 20:00:00 | N | 1780]     F:\.Spotlight-V100.lnk
[02/11/2013 - 20:00:02 | N | 1770]     F:\.fseventsd.lnk
[02/11/2013 - 20:00:02 | N | 1762]     F:\update_on_virology0001.tif.lnk
[02/11/2013 - 20:00:02 | N | 1768]     F:\PHA-razip.lnk
[02/11/2013 - 20:00:02 | N | 1724]     F:\.apdisk.lnk
[02/11/2013 - 20:00:02 | N | 1744]     F:\Participants.xlsx.lnk
[02/11/2013 - 20:00:02 | N | 1766]     F:\BC_Sites.lnk
[02/11/2013 - 20:00:02 | N | 1754]     F:\winrecoveryconsole.iso.lnk
[02/11/2013 - 20:00:02 | N | 1762]     F:\The_Hemolyzed_Specimen.pdf.lnk
[02/11/2013 - 20:00:02 | N | 1760]     F:\KNote.lnk
[02/11/2013 - 20:00:02 | N | 1758]     F:\TEMp.lnk
[02/11/2013 - 20:00:02 | N | 1724]     F:\map.pdf.lnk
[02/11/2013 - 20:00:04 | N | 1786]     F:\TechTalk_Jan2004_What_is_Hemolysis.pdf.lnk
[02/11/2013 - 20:00:04 | N | 1732]     F:\Append.docx.lnk
[02/11/2013 - 20:00:04 | N | 1784]     F:\GelDoc_User_2011-01-18_13hr_08min.jpg.lnk
[02/11/2013 - 20:00:04 | N | 1770]     F:\KeyNote_NF.lnk
[02/11/2013 - 20:00:04 | N | 1784]     F:\Managing-Preanalytical-Variables1.pdf.lnk
[02/11/2013 - 20:00:04 | N | 1724]     F:\QA.docx.lnk
[02/11/2013 - 20:00:04 | N | 1726]     F:\RoA.xlsx.lnk
[02/11/2013 - 20:00:04 | N | 1808]     F:\NaF_--_an_ineffective_inhibitor_of_glycolysis.pdf.lnk
[02/11/2013 - 20:00:06 | N | 1826]     F:\Gmail_-_Fwd__FedEx_AWB_794901165596,_from_Brisbane,_AU.pdf.lnk
[02/11/2013 - 20:00:06 | N | 1766]     F:\Cleaning.lnk
[02/11/2013 - 20:00:06 | N | 1746]     F:\CLSI_M100_2012.pdf.lnk
[02/11/2013 - 20:00:06 | N | 1784]     F:\Arahan_Kerja_Edit.lnk
[02/11/2013 - 20:00:06 | N | 1744]     F:\Note_to_PKBP.docx.lnk
[02/11/2013 - 20:00:06 | N | 1744]     F:\Cycle_1_2013.docx.lnk
[02/11/2013 - 20:00:06 | N | 1766]     F:\Monthly_QC_-_Components.docx.lnk
[02/11/2013 - 20:00:06 | N | 1742]     F:\cme_microbe.pptx.lnk
[02/11/2013 - 20:00:06 | N | 1758]     F:\Pengurusan_Patologi.docx.lnk
[02/11/2013 - 20:00:06 | N | 1756]     F:\Namelist_Pathology.docx.lnk
[02/11/2013 - 20:00:06 | N | 1772]     F:\ETest_Reading_print_for_lab.pdf.lnk
[02/11/2013 - 20:00:06 | N | 1772]     F:\Blood_Culture_Contamination.pdf.lnk
[02/11/2013 - 20:00:08 | N | 1770]     F:\CME_beta-lac_Announcement.docx.lnk
[02/11/2013 - 20:00:08 | N | 1722]     F:\Q.docx.lnk
[02/11/2013 - 20:00:08 | N | 1742]     F:\JC_d_Prelims.doc.lnk
[02/11/2013 - 20:00:14 | RS | 1762]     F:\BACKUP.lnk
[22/11/2012 - 11:51:48 | SHD ]     F:\BACKUP
[02/11/2013 - 20:00:08 | N | 1842]     F:\Imipenem-Induced_Resistance_to_Antipseudomonal_f-Lactams_in_Pa.pdf.lnk
[02/11/2013 - 20:00:08 | N | 1724]     F:\swf.txt.lnk
[02/11/2013 - 20:00:08 | N | 1772]     F:\Whatchamacallit_lactamases.pptx.lnk
[02/11/2013 - 20:00:08 | N | 1758]     F:\Vids.lnk
[02/11/2013 - 20:00:08 | N | 1748]     F:\JC_d_edit_field.doc.lnk
[26/11/2012 - 22:11:50 | SH | 6765568]     F:\Julian_USM_mtsf.ppt
[02/11/2013 - 20:00:08 | N | 1810]     F:\Maklum_balas_laporan_audit_dari_HSA_6_jun_2013.doc.lnk
[02/11/2013 - 20:00:08 | N | 1928]     F:\Can_the_Etest_Correctly_Determine_the_MICs_of_Lactam_and_Cephalosporin_Antibiotics_for_BLNAR_H_influenzae.pdf.lnk
[02/11/2013 - 20:00:08 | N | 1866]     F:\Persistence_of_Humoral_Response_against_Sporozoite_and_Blood-Stage_Malaria.pdf.lnk
[02/11/2013 - 20:00:08 | N | 1770]     F:\Ammendments_to_the_Thesis.docx.lnk
[02/11/2013 - 20:00:08 | N | 1794]     F:\Letter_for_MSL_International_students.docx.lnk
[02/11/2013 - 20:00:10 | N | 1776]     F:\Letter_of_MSL_Local_students.docx.lnk
[02/11/2013 - 20:00:16 | RS | 1766]     F:\Transfer.lnk
[18/02/2013 - 20:33:42 | SH | 180584]     F:\Impregnable.ttf
[02/11/2013 - 20:00:02 | N | 1766]     F:\RECYCLER.lnk
[06/03/2013 - 08:20:38 | SHD ]     F:\Letter_Head_Baru
[02/11/2013 - 20:00:10 | N | 1780]     F:\Letter_for_Embassy_of_Thailand.docx.lnk
[02/11/2013 - 20:00:10 | N | 1742]     F:\August_2013.xlsx.lnk
[02/11/2013 - 20:00:10 | N | 1840]     F:\Comparison_of_Three_Commercially_Available_Dengue_NS1_Antigen.pdf.lnk
[02/11/2013 - 20:00:10 | N | 1808]     F:\FORMAT_PERUNTUKKAN_DAN_PERBELANJAAN_2012-2013.xls.lnk
[02/11/2013 - 20:00:10 | N | 1782]     F:\Log_Book_Pegawai_Sains_C41_&_C44.doc.lnk
[02/11/2013 - 20:00:10 | N | 1758]     F:\lepto13091706_repeat.pdf.lnk
[09/03/2013 - 10:48:54 | SH | 1420]     F:\BOOTEX.LOG
[27/07/2007 - 20:00:00 | SH | 14578]     F:\usbstor.inf
[02/11/2013 - 20:00:12 | N | 1750]     F:\CSF_preservation.pdf.lnk
[02/11/2013 - 20:00:12 | N | 1732]     F:\CPD_Log.pdf.lnk
[02/11/2013 - 20:00:12 | N | 1758]     F:\BB_Meeting_-_Mobile.pptx.lnk
[02/11/2013 - 20:00:12 | N | 1744]     F:\Rubber_Stamp.docx.lnk
[02/11/2013 - 20:00:12 | N | 1736]     F:\Sero_YoY.xlsx.lnk
[02/11/2013 - 20:00:12 | N | 1788]     F:\Tracing_PDN_Results_for_BATU_PAHAT.xlsx.lnk
[02/11/2013 - 20:00:12 | N | 1746]     F:\REAGENT_ABIS_2.doc.lnk
[02/11/2013 - 20:00:12 | N | 1746]     F:\SULIT_SEPT._13.doc.lnk
[02/11/2013 - 20:00:12 | N | 1788]     F:\Attendance_-_Perkhidmatan_Patologi.docx.lnk
[02/11/2013 - 20:00:12 | N | 1752]     F:\Attendance_-_HTC.docx.lnk
[02/11/2013 - 20:00:12 | N | 1742]     F:\Visio-Dinner.pdf.lnk
[02/11/2013 - 20:00:12 | N | 1746]     F:\ARCHITECT_CME.docx.lnk
[02/11/2013 - 20:00:12 | N | 1776]     F:\Q13-01134_®-HBATU_PAHAT_ARC.pdf.lnk
[02/11/2013 - 20:00:12 | N | 1776]     F:\OttercodeS_Soundboard_1_0_0_0.zip.lnk
[02/11/2013 - 20:00:12 | N | 1808]     F:\OttercodeS_Soundboard_1_0_0_0.lnk
[02/11/2013 - 20:00:14 | N | 1738]     F:\soundboard.zip.lnk
[02/11/2013 - 20:00:14 | N | 1742]     F:\background1.pptx.lnk
[02/11/2013 - 20:00:14 | N | 1742]     F:\TS102895255.potx.lnk
[02/11/2013 - 20:00:14 | N | 1740]     F:\TS001090287.pot.lnk
[02/11/2013 - 20:00:14 | N | 1736]     F:\MERS_CoV.docx.lnk
[02/11/2013 - 20:00:14 | N | 1740]     F:\MERS-CoV-J.pptx.lnk
[02/11/2013 - 20:00:14 | N | 1760]     F:\MERS-CoV-J-patho-Ver.pptx.lnk
[02/11/2013 - 20:00:14 | N | 1748]     F:\Julian_USM_mtsf.ppt.lnk
[02/11/2013 - 20:00:14 | N | 1740]     F:\Impregnable.ttf.lnk
[02/11/2013 - 20:00:14 | N | 1782]     F:\Letter_Head_Baru.lnk
[02/11/2013 - 20:00:14 | N | 1730]     F:\BOOTEX.LOG.lnk
[02/11/2013 - 20:00:16 | N | 1732]     F:\usbstor.inf.lnk
[02/11/2013 - 20:00:16 | RS | 1756]     F:\MicrosoftFixit50471.msi.lnk
[02/11/2013 - 19:39:30 | SH | 141824]     F:\GwNbiuIBXLEtkeo.exe
[02/11/2013 - 19:37:48 | SH | 655360]     F:\MicrosoftFixit50471.msi
[02/11/2013 - 19:43:48 | SHD ]     F:\Transfer

################## | E.O.F |

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by jemiah (administrator) on JEMIAH-AEROG on 03-11-2013 00:57:13
Running from C:\Users\jemiah\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\UMonit.exe
() C:\Program Files\OSD\OSD.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZTE) C:\Program Files\Connection Manager\Bin\mcserver.exe
(Huawei Technologies Co., Ltd.) C:\Users\jemiah\AppData\Roaming\Celcom Broadband Manager\ouc.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() C:\Program Files\Connection Manager\Bin\dbus-daemon.exe
() C:\Program Files\Connection Manager\Bin\db_daemon.exe
(Microsoft Corporation) C:\Windows\system32\mspaint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10828392 2011-08-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [UMonit] - C:\Windows\System32\UMonit.exe [36864 2009-12-23] ()
HKLM\...\Run: [FounderOSD] - C:\Program Files\OSD\OSD.exe [24576 2012-01-06] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Runonce: [] - [x]
HKCU\...\Run: [Screen Saver Pro 3.1] - C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr [141824 2013-11-02] (Steganos GmbH )
HKCU\...\Run: [Nrctcg] - C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe [141824 2013-11-02] (Steganos GmbH )
HKCU\...\Run: [HW_OPENEYE_OUC_Celcom Broadband Manager] - C:\Program Files\Celcom Broadband Manager\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
MountPoints2: {28374a28-7353-11e2-933b-001edef644e1} - F:\AutoRun.exe
MountPoints2: {29f15ffa-95d7-11e2-8e0d-001edef644e1} - F:\.\ShowModem.exe
MountPoints2: {9c0cb3ef-42ec-11e3-bc8a-001edef644e1} - F:\AutoRun.exe
MountPoints2: {c7053d6f-c43d-11e1-8dcf-001edef644e1} - F:\Install.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D6EA4D8DD95CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.SYS [20400 1999-10-22] (EnTech Taiwan)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-09] (MBB Incorporated)
S3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [29312 2009-03-09] ()
S1 aswTdi; No ImagePath
S1 MpKsl49d7b1cb; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsl49d7b1cb.sys [x]
S1 MpKsl7c80d482; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsl7c80d482.sys [x]
S1 MpKsl8ee410fc; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsl8ee410fc.sys [x]
S1 MpKsl94f0a201; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsl94f0a201.sys [x]
S1 MpKsla651afdc; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsla651afdc.sys [x]
S1 MpKsle0845eb1; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D5A376F-C88B-4117-A296-830592CFF01E}\MpKsle0845eb1.sys [x]
S3 USTORAGE; system32\DRIVERS\UStorage.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 00:57 - 2013-11-03 00:57 - 00000000 ____D C:\FRST
2013-11-03 00:55 - 2013-11-03 00:56 - 00015494 _____ C:\UsbFix [Listing 1 ] JEMIAH-AEROG.txt
2013-11-02 20:11 - 2013-11-02 20:11 - 00002062 _____ C:\Users\jemiah\Desktop\UsbFix Faire un Don.lnk
2013-11-02 19:59 - 2013-11-02 20:11 - 00012440 _____ C:\UsbFix [Scan 1] JEMIAH-AEROG.txt
2013-11-02 19:58 - 2013-11-03 00:56 - 00000000 ____D C:\UsbFix
2013-11-02 19:49 - 2013-11-02 19:39 - 00141824 ____N (Steganos GmbH ) C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
2013-11-02 19:47 - 2013-11-02 19:45 - 01089445 _____ (Farbar) C:\Users\jemiah\Desktop\FRST.exe
2013-11-02 19:47 - 2013-11-02 19:41 - 01177115 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\jemiah\Desktop\UsbFix.exe
2013-11-02 19:47 - 2013-11-02 19:37 - 00655360 _____ C:\Users\jemiah\Desktop\MicrosoftFixit50471.msi
2013-11-01 23:11 - 2013-11-01 23:11 - 00002077 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-01 23:11 - 2013-11-01 23:11 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-11-01 23:11 - 2013-11-01 23:11 - 00000000 ____D C:\Users\jemiah\AppData\Local\Google
2013-11-01 23:11 - 2013-11-01 23:11 - 00000000 ____D C:\Program Files\Google
2013-11-01 23:11 - 2013-05-09 16:59 - 00765736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00368944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00174664 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-01 23:11 - 2013-05-09 16:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-01 23:11 - 2013-05-09 16:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-01 23:10 - 2013-11-01 23:10 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-01 23:10 - 2013-05-09 16:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-01 23:09 - 2013-11-01 23:10 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-01 22:33 - 2013-11-01 22:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\Users\jemiah\AppData\Roaming\Malwarebytes
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-01 22:33 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-01 22:19 - 2013-11-01 22:19 - 00000525 _____ C:\rkill.log
2013-11-01 20:12 - 2013-11-01 20:12 - 00000000 ____D C:\Users\jemiah\AppData\Roaming\Celcom Broadband Manager
2013-11-01 20:10 - 2013-11-01 20:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-11-01 20:10 - 2011-02-25 18:02 - 00090368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-11-01 20:10 - 2011-01-30 18:19 - 00181760 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-11-01 20:10 - 2011-01-30 18:19 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-11-01 20:10 - 2011-01-30 18:19 - 00064384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-11-01 20:10 - 2011-01-30 18:19 - 00026624 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-11-01 20:10 - 2010-12-24 11:48 - 00193792 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-11-01 20:10 - 2010-12-23 09:46 - 00353280 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-11-01 20:10 - 2010-10-08 16:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-11-01 20:10 - 2010-09-26 18:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-11-01 20:10 - 2010-08-06 07:42 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-11-01 20:10 - 2010-07-27 09:52 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-11-01 20:10 - 2010-03-20 12:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-11-01 20:10 - 2008-03-27 16:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-11-01 20:10 - 2008-03-27 16:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-11-01 20:09 - 2013-11-01 20:11 - 00000000 ____D C:\Program Files\Celcom Broadband Manager
2013-11-01 20:04 - 2013-11-01 20:11 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-27 12:43 - 2013-10-27 12:27 - 00001844 _____ C:\Users\jemiah\Desktop\Atherosclerosis_(Understanding_Disease_Cardiovascular_Medicine).mp4.lnk
2013-10-27 12:37 - 2013-10-27 23:08 - 09324032 _____ C:\Users\jemiah\Desktop\UTHM.ppt
2013-10-27 12:35 - 2013-10-27 12:35 - 09452544 _____ C:\Users\jemiah\Desktop\UTHM_jc.ppt
2013-10-27 12:26 - 2013-09-29 00:47 - 00893440 _____ C:\Users\jemiah\Documents\IKMAL's PRESENTATION (PLASTIK).ppt
2013-10-27 12:26 - 2013-09-28 23:58 - 01024512 _____ C:\Users\jemiah\Documents\IKMAL's PRESENTATION (AIR MINERAL).ppt
2013-10-26 20:38 - 2013-10-31 19:20 - 00000000 ___RD C:\Users\jemiah\Desktop\my briefcase
2013-10-26 20:37 - 2013-10-26 20:37 - 00000097 _____ C:\Users\jemiah\Documents\diary notes.sb
2013-10-08 13:54 - 2013-11-02 19:39 - 00141824 _____ (Steganos GmbH ) C:\Users\jemiah\AppData\Roaming\temp.bin

==================== One Month Modified Files and Folders =======

2013-11-03 00:57 - 2013-11-03 00:57 - 00000000 ____D C:\FRST
2013-11-03 00:56 - 2013-11-03 00:55 - 00015494 _____ C:\UsbFix [Listing 1 ] JEMIAH-AEROG.txt
2013-11-03 00:56 - 2013-11-02 19:58 - 00000000 ____D C:\UsbFix
2013-11-02 20:11 - 2013-11-02 20:11 - 00002062 _____ C:\Users\jemiah\Desktop\UsbFix Faire un Don.lnk
2013-11-02 20:11 - 2013-11-02 19:59 - 00012440 _____ C:\UsbFix [Scan 1] JEMIAH-AEROG.txt
2013-11-02 20:03 - 2009-07-14 12:34 - 00010448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 20:03 - 2009-07-14 12:34 - 00010448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-02 20:00 - 2011-12-24 02:44 - 00871154 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-02 19:59 - 2011-12-24 02:34 - 02048887 _____ C:\Windows\WindowsUpdate.log
2013-11-02 19:54 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-02 19:54 - 2009-07-14 12:39 - 00056540 _____ C:\Windows\setupact.log
2013-11-02 19:49 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\tracing
2013-11-02 19:45 - 2013-11-02 19:47 - 01089445 _____ (Farbar) C:\Users\jemiah\Desktop\FRST.exe
2013-11-02 19:41 - 2013-11-02 19:47 - 01177115 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\jemiah\Desktop\UsbFix.exe
2013-11-02 19:39 - 2013-11-02 19:49 - 00141824 ____N (Steganos GmbH ) C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
2013-11-02 19:39 - 2013-10-08 13:54 - 00141824 _____ (Steganos GmbH ) C:\Users\jemiah\AppData\Roaming\temp.bin
2013-11-02 19:37 - 2013-11-02 19:47 - 00655360 _____ C:\Users\jemiah\Desktop\MicrosoftFixit50471.msi
2013-11-01 23:11 - 2013-11-01 23:11 - 00002077 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-01 23:11 - 2013-11-01 23:11 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-11-01 23:11 - 2013-11-01 23:11 - 00000000 ____D C:\Users\jemiah\AppData\Local\Google
2013-11-01 23:11 - 2013-11-01 23:11 - 00000000 ____D C:\Program Files\Google
2013-11-01 23:11 - 2009-07-14 10:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-11-01 23:10 - 2013-11-01 23:10 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-01 23:10 - 2013-11-01 23:09 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-01 22:33 - 2013-11-01 22:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\Users\jemiah\AppData\Roaming\Malwarebytes
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-01 22:33 - 2013-11-01 22:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-01 22:19 - 2013-11-01 22:19 - 00000525 _____ C:\rkill.log
2013-11-01 20:12 - 2013-11-01 20:12 - 00000000 ____D C:\Users\jemiah\AppData\Roaming\Celcom Broadband Manager
2013-11-01 20:11 - 2013-11-01 20:09 - 00000000 ____D C:\Program Files\Celcom Broadband Manager
2013-11-01 20:11 - 2013-11-01 20:04 - 00000000 ____D C:\ProgramData\DatacardService
2013-11-01 20:10 - 2013-11-01 20:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-11-01 20:03 - 2012-07-02 20:04 - 00000000 ____D C:\Windows\system32\SupportAppXL
2013-11-01 20:03 - 2011-12-24 05:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-31 19:20 - 2013-10-26 20:38 - 00000000 ___RD C:\Users\jemiah\Desktop\my briefcase
2013-10-27 23:08 - 2013-10-27 12:37 - 09324032 _____ C:\Users\jemiah\Desktop\UTHM.ppt
2013-10-27 21:11 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 12:35 - 2013-10-27 12:35 - 09452544 _____ C:\Users\jemiah\Desktop\UTHM_jc.ppt
2013-10-27 12:27 - 2013-10-27 12:43 - 00001844 _____ C:\Users\jemiah\Desktop\Atherosclerosis_(Understanding_Disease_Cardiovascular_Medicine).mp4.lnk
2013-10-26 20:37 - 2013-10-26 20:37 - 00000097 _____ C:\Users\jemiah\Documents\diary notes.sb
2013-10-26 20:30 - 2012-05-14 20:56 - 00000000 ____D C:\Users\jemiah\AppData\Local\VirtualStore
2013-10-18 22:55 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-10-18 22:42 - 2013-08-13 19:39 - 00000000 ____D C:\Users\jemiah\AppData\Local\Windows Live
2013-10-18 22:24 - 2013-04-03 20:04 - 00034964 _____ C:\Users\jemiah\Documents\my movie.wlmp
2013-10-18 13:16 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\jemiah\AppData\Local\Temp\ntdll_dump.dll
C:\Users\jemiah\AppData\Local\Temp\SmallBasicLibrary.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-27 18:18

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by jemiah at 2013-11-03 00:58:39
Running from C:\Users\jemiah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
avast! Free Antivirus (Version: 8.0.1489.0)
Celcom Broadband Manager (Version: 15.001.05.12.91)
Computer Basics (Version: 1.0.0)
Computer Security and Privacy (Version: 1.0.0)
Connection Manager (Version: 1.00.0000)
Create Templates and Tutorials
crse0029SKA (Version: 1.0.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digital Lifestyles (Version: 1.0.0)
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
Genesys USB Mass Storage Device (Version: 3.0.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
Junk Mail filter update (Version: 15.4.3502.0922)
Learning Essentials for Microsoft Office (Version: 2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Small Basic v0.9 (Version: 0.9.0.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
MSVCRT (Version: 15.4.2862.0708)
OSD (Version: 1.00.0000)
Productivity Programs (Version: 1.0.0)
Ralink RT2860 Wireless LAN Card (Version: 1.5.12.0)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6449)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
The Internet and the World Wide Web (Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
UsbFix By El Desaparecido
VC Runtimes MSI (Version: 9.0.21022)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points  =========================

01-11-2013 12:02:29 Removed Celcom Broadband
02-11-2013 11:51:19 Installed Microsoft Fix it 50471

==================== Hosts content: ==========================

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {955F6759-D2F3-49DA-BF38-92A96FFC6986} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2540543814-3018642377-997122714-1005
Task: {B073FC64-44DE-44FE-9CA7-FE179899C054} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-07 07:44 - 2011-12-07 07:44 - 00049152 _____ () C:\Program Files\OSD\HOOK.dll
2012-01-06 14:56 - 2008-10-18 19:08 - 00180224 _____ () C:\Windows\System32\ustor.dll
2011-12-07 07:55 - 2011-12-07 07:55 - 00929792 _____ () C:\Program Files\OSD\pic.dll
2012-07-28 21:10 - 2011-05-06 11:03 - 00594944 _____ () C:\Program Files\Connection Manager\Bin\dbus-1.dll
2012-07-28 21:10 - 2011-05-10 08:44 - 00094720 _____ () C:\Program Files\Connection Manager\Bin\itapi.dll
2012-07-28 21:10 - 2011-05-10 08:44 - 00026112 _____ () C:\Program Files\Connection Manager\Bin\log.dll
2012-07-28 21:10 - 2010-10-14 17:37 - 00971776 _____ () C:\Program Files\Connection Manager\Bin\libxml2.dll
2012-07-28 21:10 - 2010-10-14 17:37 - 00080688 _____ () C:\Program Files\Connection Manager\Bin\zlib1.dll
2012-07-28 21:10 - 2011-05-10 08:44 - 00054784 _____ () C:\Program Files\Connection Manager\Bin\coder.dll
2012-07-28 21:10 - 2011-05-10 08:44 - 00043008 _____ () C:\Program Files\Connection Manager\Bin\audio.dll
2012-07-28 21:10 - 2011-05-10 08:44 - 00034816 _____ () C:\Program Files\Connection Manager\Bin\libConfig.dll
2012-07-28 21:10 - 2011-05-10 15:46 - 00020992 _____ () C:\Program Files\Connection Manager\Bin\libctlsvr.dll
2012-07-28 21:10 - 2007-09-09 23:07 - 00151552 _____ () C:\Program Files\Connection Manager\Bin\libexpat.dll
2012-07-28 21:10 - 2011-05-06 11:02 - 00341504 _____ () C:\Program Files\Connection Manager\Bin\sqlite3.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: MpKsl94f0a201
Description: MpKsl94f0a201
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl94f0a201
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl7c80d482
Description: MpKsl7c80d482
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl7c80d482
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl49d7b1cb
Description: MpKsl49d7b1cb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl49d7b1cb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsla651afdc
Description: MpKsla651afdc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsla651afdc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsle0845eb1
Description: MpKsle0845eb1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsle0845eb1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl8ee410fc
Description: MpKsl8ee410fc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl8ee410fc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 11:10:20 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\jemiah\AppData\Local\Temp\_av_sfx.tm~22634034-778a-48f9-b1b3-df8338881db0\avast.setup /sfx /sfxstorage "C:\Users\jemiah\AppData\Local\Temp\_av_sfx.tm~22634034-778a-48f9-b1b3-df8338881db0" /GetEdition:free /edition "1" /brandcode "A"  /srcpath "D:\transfer" /sfxname "avast_free_antivirus_setup"; Description = avast! Free Antivirus Setup; Error = 0x8007043c).

Error: (11/01/2013 08:02:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c6e0e6e1-ed40-47e5-a8a3-58306162c87c}

Error: (10/27/2013 06:20:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/27/2013 00:45:27 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fded77dc-5ecf-4d22-b354-bdb39e6a8cc2}

Error: (10/18/2013 01:12:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2013 02:08:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {976b1918-be9a-49e1-9ee1-4420e2f31b2c}

Error: (09/28/2013 10:30:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2013 09:36:21 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Rights Account Certificate failed. hr=0x80072EE7

Error: (09/27/2013 09:36:21 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (09/27/2013 09:36:07 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Rights Account Certificate failed. hr=0x80072EE7


System errors:
=============
Error: (11/02/2013 07:59:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/02/2013 07:59:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/02/2013 07:59:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/02/2013 07:54:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswTdi
cdrom

Error: (11/02/2013 07:49:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswTdi
cdrom

Error: (11/02/2013 07:46:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/02/2013 07:46:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/02/2013 07:46:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/02/2013 07:46:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/02/2013 07:46:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/01/2013 11:10:20 PM) (Source: System Restore)(User: )
Description: C:\Users\jemiah\AppData\Local\Temp\_av_sfx.tm~22634034-778a-48f9-b1b3-df8338881db0\avast.setup /sfx /sfxstorage "C:\Users\jemiah\AppData\Local\Temp\_av_sfx.tm~22634034-778a-48f9-b1b3-df8338881db0" /GetEdition:free /edition "1" /brandcode "A"  /srcpath "D:\transfer" /sfxname "avast_free_antivirus_setup"avast! Free Antivirus Setup0x8007043c

Error: (11/01/2013 08:02:28 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c6e0e6e1-ed40-47e5-a8a3-58306162c87c}

Error: (10/27/2013 06:20:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (10/27/2013 00:45:27 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fded77dc-5ecf-4d22-b354-bdb39e6a8cc2}

Error: (10/18/2013 01:12:10 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (10/08/2013 02:08:04 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {976b1918-be9a-49e1-9ee1-4420e2f31b2c}

Error: (09/28/2013 10:30:25 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (09/27/2013 09:36:21 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE75dbe2163-3fa9-464c-b8b7-caadde61e4ff

Error: (09/27/2013 09:36:21 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 09:36:20:986 - http://go.microsoft.com/fwlink/?LinkID=120750)
00020001(0x00000000, 09:36:20:986)
00030001(0x00000000, 09:36:20:987 - http://go.microsoft.com)
00030002(0x00000000, 09:36:20:987 - 0)
00040001(0x00000000, 09:36:20:987 - http://go.microsoft.com)
00040002(0x00000000, 09:36:21:012 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 09:36:21:038 - <NULL>)
00040006(0x00000000, 09:36:21:038 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 09:36:21:038 - 0)
00020007(0x80072EE7, 09:36:21:040)
00010002(0x80072EE7, 09:36:21:040 - <NULL>)
00010003(0x80072EE7, 09:36:21:040)

Error: (09/27/2013 09:36:07 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE75dbe2163-3fa9-464c-b8b7-caadde61e4ff


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 1012.25 MB
Available physical RAM: 187.79 MB
Total Pagefile: 2036.25 MB
Available Pagefile: 963.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.03 MB

==================== Drives ================================

Drive c: (os) (Fixed) (Total:58.59 GB) (Free:22.52 GB) NTFS
Drive d: (PROGRAM) (Fixed) (Total:40.04 GB) (Free:34.26 GB) NTFS
Drive e: (data) (Fixed) (Total:40.65 GB) (Free:40.29 GB) NTFS
Drive f: (SANDBOX) (Removable) (Total:3.73 GB) (Free:0.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: C03AF4BE)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=41 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2813EE5A)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
 


Edited by Dreamchaser_jc, 02 November 2013 - 12:27 PM.


#4 Aaflac

  • Malware Response Team

Posted 02 November 2013 - 08:01 PM

Please run CKScanner, and post its result in your reply:

CKScanner download:

http://downloads.malwareremoval.com/CKScanner.exe

Important: Save it to the Desktop

Double-click CKScanner.exe, then click: Search For Files

When a list appears, click: Save List To File

A message box verifies the file saved.

Double-click the CKFiles.txt on your Desktop, and provide its contents in your reply.


Old duck...


#5 Dreamchaser_jc

  • Topic Starter


Posted 02 November 2013 - 08:45 PM

Here's what I got

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

scanner sequence 3.MN.11.NHAPJZ

 -----EOF-----



#6 Aaflac

  • Malware Response Team

Posted 02 November 2013 - 09:23 PM

Step 1: Please press the Windows Key and the R key at the same time for the Run prompt to appear.

In the Run prompt, type the following in the Open area, and press Enter: cmd

When the Command Prompt opens, copy/paste (with the mouse) the following, and press: Enter

attrib -h -s -r -a /s /d F:\*.*

(The drive letter F should be the same if you left the drive in the same USB port)

Step 2: Now, please run USBFix once again

Press: Deletion

When done, the program closes on its own, and a report appears.

The report file is also found at C:\UsbFix.txt

>> Please post the UsbFix.txt (Deletion) report in your reply.

Note: As before, if your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

Check the USB drive and see if the shortcuts are gone.

Edited by Aaflac, 02 November 2013 - 09:26 PM.

Old duck...
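
A read-only way to do the final check in the post above ("see if the shortcuts are gone"), as an added example that is not part of the original post or of any tool named in this thread. It lists every .lnk on the drive, shows what the shortcut would launch, and says whether a real item with the same name sits beside it and is still hidden, which is the pairing seen in this thread's UsbFix report (F:\.apdisk.lnk next to F:\.apdisk). The function name Get-ShortcutAudit and the default drive letter F: are assumptions, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit a removable drive for the "files became shortcuts" pattern.
# Nothing on the drive is changed, and no shortcut is launched.
param(
    [string]$Root = 'F:\'   # assumption: same drive letter as in the attrib command above
)

function Get-ShortcutAudit {
    param([Parameter(Mandatory = $true)][string]$Path)

    # -Force is required; without it hidden and system entries are skipped,
    # which are exactly the entries this infection leaves behind.
    $items = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    # Hidden (2) and System (4) are the attributes that attrib -h -s clears.
    $mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

    # Index every entry by lower-cased full path so each shortcut can look up its namesake.
    $byPath = @{}
    foreach ($i in $items) { $byPath[$i.FullName.ToLowerInvariant()] = $i }

    # WScript.Shell parses a .lnk and exposes its target without running it.
    $shell = New-Object -ComObject WScript.Shell

    $shortcuts = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.lnk' })
    foreach ($lnk in $shortcuts) {
        # "X.lnk" is paired with an item named "X" in the same folder.
        $key      = $lnk.FullName.Substring(0, $lnk.FullName.Length - 4).ToLowerInvariant()
        $namesake = $byPath[$key]
        $exists   = $namesake -ne $null
        $hidden   = $exists -and (([int]$namesake.Attributes -band $mask) -ne 0)

        try {
            $sc     = $shell.CreateShortcut($lnk.FullName)
            $target = $sc.TargetPath
            $argStr = $sc.Arguments
        } catch {
            # A damaged .lnk is still reported, just without target details.
            $target = '<unreadable>'
            $argStr = ''
        }

        New-Object PSObject -Property @{
            Shortcut       = $lnk.FullName
            Target         = $target
            Arguments      = $argStr
            NamesakeExists = $exists
            NamesakeHidden = $hidden
        } | Select-Object Shortcut, Target, Arguments, NamesakeExists, NamesakeHidden
    }
}

$report = @(Get-ShortcutAudit -Path $Root)
$report | Sort-Object NamesakeExists -Descending | Format-List

# A shortcut that sits beside an item of the same name is the pattern to look for.
$paired = @($report | Where-Object { $_.NamesakeExists })
$stillHidden = @($paired | Where-Object { $_.NamesakeHidden })
'{0} shortcut(s) under {1}; {2} paired with a same-named item; {3} of those items still hidden' -f `
    $report.Count, $Root, $paired.Count, $stillHidden.Count
```

Run before the steps, the last two counts show how many items were swapped for shortcuts; after the attrib command the hidden count should drop to 0, and after the Deletion run the paired count should as well.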


#7 Dreamchaser_jc

  • Topic Starter


Posted 02 November 2013 - 10:16 PM

Here you go:

 

############################## | UsbFix V 7.148 | [Deletion]

User: jemiah (Administrator) # JEMIAH-AEROG
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 11:03:15 | 03/11/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: AeroGATE (H-S30N)
CPU: Intel® Atom™ CPU N455   @ 1.66GHz
RAM -> [Total : 1012 | Free : 444]
Bios: American Megatrends Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Professional  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 59 Gb (22 Mb free - 38%) [os] # NTFS
D:\ -> Fixed drive # 40 Gb (34 Mb free - 86%) [PROGRAM] # NTFS
E:\ -> Fixed drive # 41 Gb (40 Mb free - 99%) [data] # NTFS
F:\ -> Removable drive # 4 Gb (636 Mb free - 17%) [SANDBOX] # FAT32

################## | Reference of comparison MD5 |

Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> C:\Users\jemiah\AppData\Roaming\temp.bin
Md5 : c1877f39f100c4f27c2e9d31f6eacb06 -> F:\.Trashes\e8b2c69b.exe

################## | Stopped processes |

Stopped! C:\Windows\Explorer.EXE (ID: 1064 |ParentID: 1056)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1108 |ParentID: 1064)
Stopped! C:\Windows\system32\DllHost.exe (ID: 1360 |ParentID: 616)
Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (ID: 1864 |ParentID: 1064)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [UMonit] - C:\Windows\system32\UMonit.exe
HKLM\SOFTWARE | Run : [FounderOSD] - C:\Program Files\OSD\OSD.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Screen Saver Pro 3.1] - C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [Nrctcg] - C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe
HKU\S-1-5-21-2540543814-3018642377-997122714-1005\SOFTWARE | Run : [HW_OPENEYE_OUC_Celcom Broadband Manager] - "C:\Program Files\Celcom Broadband Manager\UpdateDog\ouc.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Research |

Deleted ! C:\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe
Deleted ! F:\._.Trashes.lnk
Deleted ! F:\.apdisk.lnk
Deleted ! F:\.Trashes\e8b2c69b.exe
Deleted ! C:\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr
Deleted ! C:\Users\jemiah\AppData\Roaming\temp.bin
Deleted ! F:\.Trashes\Desktop.ini
Deleted ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

(!) Temporary files deleted.

################## | Comparison MD5 |


################## | Registry |

Repaired ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Deleted ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\Microsoft\Windows\CurrentVersion\Run|Nrctcg
Deleted ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\Microsoft\Windows\CurrentVersion\Run|Screen Saver Pro 3.1
Deleted ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\.\.\.\.\Mountpoints2\{28374a28-7353-11e2-933b-001edef644e1}
Deleted ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\.\.\.\.\Mountpoints2\{9c0cb3ef-42ec-11e3-bc8a-001edef644e1}
Deleted ! HKU\S-1-5-21-2540543814-3018642377-997122714-1005\Software\.\.\.\.\Mountpoints2\{c7053d6f-c43d-11e1-8dcf-001edef644e1}

################## | Listing |

[14/05/2012 - 20:57:00 | SHD ]     C:\$Recycle.Bin
[11/06/2009 - 05:42:20 | N | 24]     C:\autoexec.bat
[11/06/2009 - 05:42:20 | N | 10]     C:\config.sys
[28/07/2012 - 21:10:56 | N | 5402]     C:\debug1214.txt
[24/12/2011 - 07:25:58 | D ]     C:\Digital Literacy
[14/07/2009 - 12:53:55 | SHD ]     C:\Documents and Settings
[02/02/2012 - 06:13:11 | D ]     C:\E-learning
[03/11/2013 - 00:57:04 | D ]     C:\FRST
[03/11/2013 - 10:46:25 | ASH | 796061696]     C:\hiberfil.sys
[24/12/2011 - 05:41:58 | D ]     C:\Intel
[06/01/2012 - 15:52:42 | N | 0]     C:\IO.SYS
[24/12/2011 - 02:28:46 | D ]     C:\LE20
[03/11/2013 - 01:01:56 | N | 72526]     C:\logsbc.txt
[02/02/2012 - 08:28:08 | D ]     C:\MSDN Learning Content
[06/01/2012 - 15:52:42 | N | 0]     C:\MSDOS.SYS
[02/02/2012 - 06:00:19 | D ]     C:\MSIS INSTALL GUIDE
[14/05/2012 - 21:07:07 | RHD ]     C:\MSOCache
[03/11/2013 - 10:46:29 | ASH | 1073741824]     C:\pagefile.sys
[14/07/2009 - 10:37:05 | D ]     C:\PerfLogs
[01/11/2013 - 23:11:48 | D ]     C:\Program Files
[01/11/2013 - 23:09:39 | HD ]     C:\ProgramData
[01/11/2013 - 22:19:34 | N | 525]     C:\rkill.log
[02/11/2013 - 19:51:55 | SHD ]     C:\System Volume Information
[03/11/2013 - 11:07:58 | D ]     C:\UsbFix
[03/11/2013 - 11:13:07 | A | 6216]     C:\UsbFix [Clean 1] JEMIAH-AEROG.txt
[03/11/2013 - 00:56:05 | N | 15494]     C:\UsbFix [Listing 1 ] JEMIAH-AEROG.txt
[02/11/2013 - 20:11:50 | N | 12440]     C:\UsbFix [Scan 1] JEMIAH-AEROG.txt
[14/05/2012 - 20:56:35 | RD ]     C:\Users
[03/11/2013 - 00:57:13 | D ]     C:\Windows
[14/05/2012 - 20:57:00 | D ]     D:\$RECYCLE.BIN
[31/10/2013 - 11:38:00 | D ]     D:\J
[27/09/2013 - 09:49:29 | D ]     D:\Jana2013
[15/05/2012 - 11:55:37 | D ]     D:\System Volume Information
[01/11/2013 - 23:44:44 | D ]     D:\transfer
[14/05/2012 - 20:57:00 | SHD ]     E:\$RECYCLE.BIN
[31/05/2006 - 08:59:26 | N | 4150]     E:\app.ico
[06/01/2012 - 14:51:05 | D ]     E:\Driver
[28/07/2012 - 23:25:56 | D ]     E:\Jalilah
[06/01/2012 - 00:21:41 | SHD ]     E:\System Volume Information
[17/10/2009 - 15:15:06 | D ]     F:\Applications
[15/02/2007 - 16:56:16 | N | 6977]     F:\intropage.htm
[30/12/2010 - 19:46:52 | SHD ]     F:\autorun.inf
[30/12/2010 - 19:47:36 | D ]     F:\Softwares
[04/09/2012 - 10:32:50 | N | 4096]     F:\._.Trashes
[23/04/2013 - 17:29:50 | N | 167353]     F:\79.zip
[04/09/2012 - 10:32:50 | SHD ]     F:\.Trashes
[04/09/2012 - 10:32:50 | SHD ]     F:\.Spotlight-V100
[31/12/2010 - 12:18:34 | SHD ]     F:\RECYCLER
[04/09/2012 - 10:32:50 | D ]     F:\.fseventsd
[23/05/2013 - 11:30:08 | N | 8946380]     F:\update_on_virology0001.tif
[04/09/2012 - 10:34:50 | D ]     F:\PHA-razip
[04/09/2012 - 10:41:16 | N | 293]     F:\.apdisk
[22/04/2013 - 16:04:52 | N | 13419]     F:\Participants.xlsx
[28/05/2013 - 11:51:58 | D ]     F:\SKT
[03/01/2011 - 14:58:34 | D ]     F:\BC_Sites
[03/01/2011 - 14:58:54 | N | 7716864]     F:\winrecoveryconsole.iso
[07/05/2013 - 11:00:06 | N | 453646]     F:\The_Hemolyzed_Specimen.pdf
[28/12/2010 - 15:44:06 | D ]     F:\KNote
[29/07/2013 - 05:04:12 | D ]     F:\TEMp
[25/09/2013 - 15:49:06 | N | 138765]     F:\map.pdf
[24/10/2013 - 14:42:28 | D ]     F:\SM
[07/05/2013 - 10:59:36 | N | 118708]     F:\TechTalk_Jan2004_What_is_Hemolysis.pdf
[31/07/2013 - 15:27:12 | N | 30720]     F:\Append.docx
[18/01/2011 - 13:09:10 | N | 104399]     F:\GelDoc_User_2011-01-18_13hr_08min.jpg
[19/01/2011 - 18:29:14 | D ]     F:\KeyNote_NF
[27/05/2013 - 10:05:30 | N | 1041893]     F:\Managing-Preanalytical-Variables1.pdf
[23/01/2011 - 12:20:14 | D ]     F:\HOST
[01/07/2013 - 10:11:46 | N | 1199990]     F:\QA.docx
[08/04/2013 - 17:03:44 | N | 11137]     F:\RoA.xlsx
[28/05/2013 - 18:31:52 | N | 154571]     F:\NaF_--_an_ineffective_inhibitor_of_glycolysis.pdf
[27/03/2013 - 14:20:30 | N | 51480]     F:\Gmail_-_Fwd__FedEx_AWB_794901165596,_from_Brisbane,_AU.pdf
[21/03/2011 - 21:28:30 | D ]     F:\Cleaning
[01/08/2013 - 12:19:00 | N | 2047609]     F:\CLSI_M100_2012.pdf
[05/08/2013 - 09:23:26 | D ]     F:\Arahan_Kerja_Edit
[27/06/2013 - 16:07:50 | N | 12295]     F:\Note_to_PKBP.docx
[21/08/2013 - 08:47:18 | N | 43093]     F:\Cycle_1_2013.docx
[28/06/2013 - 11:15:34 | N | 20546]     F:\Monthly_QC_-_Components.docx
[22/08/2013 - 14:25:22 | N | 347703]     F:\cme_microbe.pptx
[01/07/2013 - 12:06:04 | N | 279763]     F:\Pengurusan_Patologi.docx
[02/07/2013 - 09:53:24 | N | 14018]     F:\Namelist_Pathology.docx
[19/07/2013 - 11:54:28 | N | 4276016]     F:\ETest_Reading_print_for_lab.pdf
[05/08/2013 - 17:34:24 | N | 56741]     F:\Blood_Culture_Contamination.pdf
[11/01/2012 - 01:02:52 | D ]     F:\TOR
[21/08/2013 - 09:22:38 | N | 531968]     F:\CME_beta-lac_Announcement.docx
[19/07/2013 - 11:17:58 | N | 90112]     F:\Q.docx
[19/07/2013 - 08:34:40 | N | 1438404]     F:\Imipenem-Induced_Resistance_to_Antipseudomonal_f-Lactams_in_Pa.pdf
[02/09/2013 - 12:00:52 | N | 59904]     F:\JC_d_Prelims.doc
[19/07/2013 - 08:36:12 | N | 63]     F:\swf.txt
[22/08/2013 - 15:31:10 | N | 2608000]     F:\Whatchamacallit_lactamases.pptx
[02/04/2012 - 00:31:34 | D ]     F:\PRINT
[20/08/2013 - 00:33:48 | N | 2799104]     F:\Maklum_balas_laporan_audit_dari_HSA_6_jun_2013.doc
[07/04/2012 - 13:56:42 | D ]     F:\Vids
[19/07/2013 - 12:04:42 | N | 42223]     F:\Can_the_Etest_Correctly_Determine_the_MICs_of_Lactam_and_Cephalosporin_Antibiotics_for_BLNAR_H_influenzae.pdf
[22/07/2013 - 08:34:04 | N | 145040]     F:\Persistence_of_Humoral_Response_against_Sporozoite_and_Blood-Stage_Malaria.pdf
[02/09/2013 - 11:43:14 | N | 3694592]     F:\JC_d_edit_field.doc
[02/09/2013 - 15:56:58 | N | 18375]     F:\Ammendments_to_the_Thesis.docx
[03/09/2013 - 08:49:02 | N | 26151]     F:\Letter_for_MSL_International_students.docx
[03/09/2013 - 08:49:08 | N | 27726]     F:\Letter_of_MSL_Local_students.docx
[03/09/2013 - 08:48:50 | N | 25670]     F:\Letter_for_Embassy_of_Thailand.docx
[09/09/2013 - 12:22:56 | N | 16281]     F:\August_2013.xlsx
[21/05/2013 - 17:04:14 | N | 278613]     F:\Comparison_of_Three_Commercially_Available_Dengue_NS1_Antigen.pdf
[09/09/2013 - 16:19:42 | N | 26624]     F:\FORMAT_PERUNTUKKAN_DAN_PERBELANJAAN_2012-2013.xls
[17/09/2013 - 12:17:42 | N | 788480]     F:\Log_Book_Pegawai_Sains_C41_&_C44.doc
[17/09/2013 - 16:19:12 | N | 19101]     F:\lepto13091706_repeat.pdf
[23/09/2013 - 13:19:40 | N | 314657]     F:\CSF_preservation.pdf
[26/07/2013 - 08:28:18 | N | 106939]     F:\CPD_Log.pdf
[27/09/2013 - 11:18:30 | N | 137400]     F:\BB_Meeting_-_Mobile.pptx
[08/10/2013 - 10:45:32 | N | 15716]     F:\Rubber_Stamp.docx
[08/10/2013 - 10:27:50 | N | 11072]     F:\Sero_YoY.xlsx
[10/10/2013 - 12:24:42 | N | 10434]     F:\Tracing_PDN_Results_for_BATU_PAHAT.xlsx
[04/10/2013 - 18:32:30 | N | 1891840]     F:\REAGENT_ABIS_2.doc
[08/10/2013 - 11:48:56 | N | 108544]     F:\SULIT_SEPT._13.doc
[08/10/2013 - 14:31:36 | N | 13908]     F:\Attendance_-_Perkhidmatan_Patologi.docx
[08/10/2013 - 14:31:54 | N | 13964]     F:\Attendance_-_HTC.docx
[11/10/2013 - 15:49:30 | N | 50503]     F:\Visio-Dinner.pdf
[22/10/2013 - 16:07:14 | N | 303685]     F:\ARCHITECT_CME.docx
[23/10/2013 - 08:10:56 | N | 133223]     F:\Q13-01134_®-HBATU_PAHAT_ARC.pdf
[24/10/2013 - 11:57:34 | N | 992660]     F:\OttercodeS_Soundboard_1_0_0_0.zip
[24/10/2013 - 12:18:46 | D ]     F:\OttercodeS_Soundboard_1_0_0_0
[24/10/2013 - 12:19:30 | N | 52026]     F:\soundboard.zip
[25/10/2013 - 18:00:52 | N | 46485]     F:\background1.pptx
[25/10/2013 - 17:18:08 | N | 814290]     F:\TS102895255.potx
[25/10/2013 - 17:17:30 | N | 357376]     F:\TS001090287.pot
[01/11/2013 - 08:39:04 | N | 279893]     F:\MERS_CoV.docx
[01/11/2013 - 09:28:56 | N | 2108740]     F:\MERS-CoV-J.pptx
[01/11/2013 - 14:36:14 | N | 2108740]     F:\MERS-CoV-J-patho-Ver.pptx
[22/11/2012 - 11:51:48 | D ]     F:\BACKUP
[26/11/2012 - 22:11:50 | N | 6765568]     F:\Julian_USM_mtsf.ppt
[18/02/2013 - 20:33:42 | N | 180584]     F:\Impregnable.ttf
[03/11/2013 - 01:01:58 | N | 72526]     F:\logsbc.txt
[06/03/2013 - 08:20:38 | D ]     F:\Letter_Head_Baru
[03/11/2013 - 09:34:18 | N | 468480]     F:\CKScanner.exe
[09/03/2013 - 10:48:54 | N | 1420]     F:\BOOTEX.LOG
[27/07/2007 - 20:00:00 | N | 14578]     F:\usbstor.inf
[03/11/2013 - 10:39:58 | N | 7211664]     F:\mbam-rules.exe
[02/11/2013 - 19:37:48 | N | 655360]     F:\MicrosoftFixit50471.msi
[02/11/2013 - 19:43:48 | D ]     F:\Transfer

################## | Vaccin |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 



#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:02:04 PM

Posted 02 November 2013 - 11:02 PM

Are the shortcuts gone?

Let's focus on both your computer and the pendrives...

Step 1: With the pen drives connected, please run Malwarebytes Anti-Malware:
Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Save to the Desktop
Double-click the downloaded MBAM file to run it.

When the installation begins, follow the prompts in the setup process.
DO NOT make any changes to default settings and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes Anti-Malware
>Launch Malwarebytes Anti-Malware
Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, select: Perform Full Scan

When the Select the Drives to scan prompt appears, make sure all drives (except: CD-Rom/DVD) are selected.
Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.
>> Please copy/paste the entire contents of the MBAM report in your reply.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.



Step 2: Also download RogueKiller:
http://tigzy.geekstogo.com/roguekiller.php
Select the version that applies to the system.
Save to the Desktop.

After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator
At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN
When done, a report opens on the Desktop: RKreport.txt
>> Please provide the RKreport.txt (Mode: Scan) in your reply.

Old duck...


#9 Dreamchaser_jc

Posted 03 November 2013 - 02:13 AM

No more shortcuts in the removable drive.

 

MBAM: ImgBurn was downloaded last week to set it up to burn a recovery disc.

 

Here are the logs:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.02.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
jemiah :: JEMIAH-AEROG [administrator]

Protection: Enabled

3/11/2013 12:57:33 PM
mbam-log-2013-11-03 (12-57-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335312
Time elapsed: 1 hour(s), 56 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
F:\Softwares\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\UsbFix\Quarantine\C\Users\jemiah\AppData\Roaming\ScreenSaverPro.scr.vir (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Users\jemiah\AppData\Roaming\temp.bin.vir (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Users\jemiah\AppData\Roaming\Microsoft\Nrctcg.exe.vir (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\F\.Trashes\e8b2c69b.exe.vir (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
E:\Driver\VGA\vbios.zip (Spyware.OnLineGames) -> Quarantined and deleted successfully.

(end)
 

 

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : jemiah [Admin rights]
Mode : Scan -- Date : 11/03/2013 15:10:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Users\jemiah\AppData\Roaming\Celcom Broadband Manager\ouc.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
--- User ---
[MBR] d07231a052ba8a4de5783a1ee90eead1
[BSP] 7cf6436266ab40e715ea7100ca100bb5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 60000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 143362048 | Size: 41000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 227330048 | Size: 41625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11032013_151043.txt >>
 


Edited by Dreamchaser_jc, 03 November 2013 - 05:59 AM.
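One way to read the "Files Detected" block of the MBAM log above, as an added example that is not part of the original posts: it parses lines in that layout and separates hits that are only leftovers in UsbFix's quarantine folder from items still on disk. The sample lines are constructed, and the quarantine layout (original path mirrored, `.vir` appended) is an assumption read off the paths in the log.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the log's "Files Detected" block.
SAMPLE_LOG = r"""Files Detected: 4
F:\Tools\setup_example.exe (PUP.Optional.Example) -> No action taken.
C:\UsbFix\Quarantine\C\Users\user\AppData\Roaming\sample.scr.vir (Spyware.Example.A) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\F\.Trashes\0a1b2c3d.exe.vir (Spyware.Example.A) -> Quarantined and deleted successfully.
E:\Driver\example.zip (Spyware.Example.B) -> Quarantined and deleted successfully.

(end)
"""

# One detection per line: <path> (<detection name>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption read off the paths in the log: UsbFix stores neutralised files under
# <drive>:\UsbFix\Quarantine\<original drive>\<original path> with ".vir" appended.
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\UsbFix\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$", re.I)


def parse_detections(log_text):
    """Return one dict per line of the Files Detected block, with a triage status."""
    hits, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files Detected:"):
            in_block = True
            continue
        if in_block and not line:
            break  # a blank line ends the block
        m = LINE_RE.match(line) if in_block else None
        if not m:
            continue
        hit = m.groupdict()
        q = QUARANTINE_RE.match(hit["path"])
        # Map a quarantined copy back to where the file originally lived.
        hit["original_path"] = f"{q['drive'].upper()}:\\{q['rest']}" if q else hit["path"]
        if q:
            hit["status"] = "remnant in UsbFix quarantine"
        elif "no action taken" in hit["action"].lower():
            hit["status"] = "still on disk"
        else:
            hit["status"] = "removed by this scan"
        hits.append(hit)
    return hits


def summarize(hits):
    """Count detections per status so items that are still live stand out."""
    return Counter(h["status"] for h in hits)


if __name__ == "__main__":
    for h in parse_detections(SAMPLE_LOG):
        print(f"{h['status']:<30} {h['name']:<22} {h['original_path']}")
    print(dict(summarize(parse_detections(SAMPLE_LOG))))
```

Entries reported as "still on disk" are the ones that need a decision; quarantine remnants show where a file originally lived, which helps when rechecking that location on the removable drive.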


#10 Aaflac

Posted 03 November 2013 - 12:40 PM

Let's clean some more...

Please run the following when you have the time, it may take a while...

The ESET Online Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: http://www.eset.com/us/online-scanner/
On the ESET website, click on: Run ESET Online Scanner
Click: Start
When asked, allow the add-on to be installed.
Click: Start, again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings
Make sure the following options are checked:
>Scan for potentially unwanted applications
>Scan for potentially unsafe applications
>Enable Anti-Stealth Technology

By Current Scan Targets, Operating memory, Local drives, press: Change
In Selection of Scan Targets, Local drives, select the USB drive in question.
Click: OK
Click: Start
Follow the prompts.

When the scan completes, if threats are found, in the Scan Results prompt click on: List of threats found
Click on: Export to text file
Save to the Desktop and name it: ESET Scan Results
Click on: Back
Place a check on: Uninstall application on close
Click on: Finish, and close the program.

If anything is found, please provide the ESET report in your reply to determine what further action is necessary.

Old duck...


#11 Dreamchaser_jc

Posted 04 November 2013 - 03:40 AM

Everything came up clean. I guess that's the 'all-clear'?



#12 Aaflac

Posted 04 November 2013 - 08:54 AM

Since the issue with the USB drive is solved, let's wrap up and remove the following tools and their reports, which are no longer needed.

These tools are updated frequently, and, if outdated, will not produce accurate results.

Step 1: You can remove from the Desktop:
Microsoft Fix It 50471
UsbFix - Open the program and press: Uninstall
Farbar Recovery Scan Tool, as well as any fixlist and fixlog.
Also remove the FRST (or FRST64) folder, found normally on C:\FRST64 or C:\FRST
CKScanner and its CKFiles.txt report
RogueKiller and its RKreports


Step 2: Next, go back to Control Panel, and select: Folder Options
Click on the View tab in the Folder Options window.

In the Advanced settings folders, and drives
Check: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.



Step 3: Keep Malwarebytes Anti-Malware (MBAM), and use it regularly.
Any USB pendrives, SD cards, or External drives connected to someone else's computer, and then connected back to your computer should have a Full Scan performed. MBAM has the option of selecting which drives to scan, and includes removable drives.

If you are no longer having malware problems, you are good to go!

Thanks for following all the instructions and providing the reports!!

Have a great week, Dreamchaser_jc!!

Edited by Aaflac, 04 November 2013 - 08:55 AM.

Old duck...


#13 Dreamchaser_jc

Posted 04 November 2013 - 11:31 AM

Thanks so much. I appreciate your help. Good day.



#14 Aaflac

Posted 04 November 2013 - 09:48 PM

:thumbsup:

Old duck...




