Devilsraging Posted November 2, 2013 ID:749108 Share Posted November 2, 2013 Hi, it seems bitcoin has infected my svchost for awhile now, I have tried to remove it using malware anti - malware, but it never really did remove the problem. I have scanned this probably 20 or more times, and everytime it said "remove on reboot" or "quarantined and successfully removed". At first there was no harm keeping it, it didn't affect anything i do really. But then today, it seems to have sprung. Problem: On startup, everything seems to work fine, but as soon as svchost starts, it starts to lag like crazy; hovering over an icon, click on the start button, opening up anything, etc. At first i didn't know what it was, or why this is happening, but when i checked task manager, it seems like svchost.exe was running a big number. shown here: I knew it was the problem, because when i ended process of svchost, everything return to normal, my computer was running fast like it always does and everything seems to function fine, sounds, graphics, etc. So I ran a full scan and found 7 problems. Shown here: MBAM-log-2013-11-01 (18-21-37).txt Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.01.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Quang Hong :: QUANGHONG-PC [administrator]11/1/2013 5:42:39 PMMBAM-log-2013-11-01 (18-21-37).txtScan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 427455Time elapsed: 37 minute(s), 20 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 7C:\Users\Quang Hong\AppData\Local\Temp\svchost.exe (Riskware.Bitcoin) -> No action taken.C:\Users\Quang Hong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFGM2B1Y\svchost[1].exe (Riskware.Bitcoin) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> No action taken.(end) Link to post Share on other sites More sharing options...
MrCharlie Posted November 2, 2013 ID:749111 Share Posted November 2, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749115 Share Posted November 2, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16720Run by Quang Hong at 19:27:27 on 2013-11-01Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16272.13700 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\Program Files\Microsoft Security Client\MsMpEng.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\FBAgent.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exeC:\Program Files (x86)\Application Updater\ApplicationUpdater.exeC:\windows\system32\taskhost.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exeC:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exeC:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\Windows\SysWOW64\AsHookDevice.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exeC:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exeC:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\windows\system32\SearchIndexer.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\System32\WUDFHost.exeC:\Program Files\Trend Micro\Titanium\TiMiniService.exeC:\Program Files\Trend Micro\Titanium\TiResumeSrv.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Microsoft Security Client\NisSrv.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dllmWinlogon: Userinit = userinit.exe,BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dllBHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllTB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dllTB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dlluRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exemRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exemRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exemRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exemRun: [Adobe] C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: HideSCAHealth = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{2D038650-7557-4AB3-A3D4-174E55595084} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{659DB0DE-09CC-4F5B-9A25-91D01A7E7E78} : DHCPNameServer = 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= c:\progra~2\browse~1\sprote~1.dllSSODL: WebCheck - <orphaned>x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"x64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dllx64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dllx64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.search.selectedEngine - AVG Secure SearchFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Users\Quang Hong\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - ExtSQL: 2013-09-03 10:04; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12.---- FIREFOX POLICIES ----.FF - user.js: extensions.funmoods.hmpg - trueFF - user.js: extensions.funmoods.dfltSrch - trueFF - user.js: extensions.funmoods.srchPrvdr - FunmoodsFF - user.js: extensions.funmoods.dnsErr - trueFF - user.js: extensions.funmoods_i.newTab - trueFF - user.js: extensions.funmoods.id - 74E543E21B8455E0FF - user.js: extensions.funmoods.instlDay - 15717FF - user.js: extensions.funmoods.vrsn - 1.5.23.22FF - user.js: extensions.funmoods.vrsni - 1.5.23.22FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.222:9:47FF - user.js: extensions.funmoods.prtnrId - funmoodsFF - user.js: extensions.funmoods.prdct - funmoodsFF - user.js: extensions.funmoods.aflt - nv1FF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods.tlbrId - baseFF - user.js: extensions.funmoods.instlRef - nv1FF - user.js: extensions.funmoods.dfltLng -FF - user.js: extensions.funmoods.excTlbr - falseFF - user.js: extensions.funmoods.autoRvrt - falseFF - user.js: extensions.funmoods.envrmnt - productionFF - user.js: extensions.funmoods.isdcmntcmplt - trueFF - user.js: extensions.funmoods.mntrvrsn - 1.3.0...============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-21 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R0 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2012-2-9 293416]R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-25 46368]R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-2-21 70928]R2 AFBAgent;AFBAgent;C:\windows\System32\FBAgent.exe [2012-2-21 379520]R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-10-15 166352]R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-9-2 807800]R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-2-21 918448]R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2012-2-21 950912]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-21 586880]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-2-21 203392]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-2-21 161560]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-7 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-7 701512]R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-21 363800]R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-21 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-21 355096]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-21 786200]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-5-7 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2012-2-9 1488448]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-21 646248]R3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-2-21 247072]S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-21 275912]S3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2012-2-9 129000]S3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2012-2-9 394216]S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-2-21 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-2-9 80384]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-2-9 181248]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-02 00:38:25 -------- d-----w- C:\Users\Quang Hong\AppData\Local\ElevatedDiagnostics2013-11-01 22:08:13 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{342CE869-5390-45FA-B46F-CB7CDFF4FA06}\mpengine.dll2013-11-01 07:34:08 -------- d-----w- C:\Users\Quang Hong\AppData\Roaming\SPORE2013-10-31 00:27:20 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-25 05:06:48 -------- d-----w- C:\Users\Quang Hong\AppData\Local\VividMS2013-10-18 02:41:32 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{472DE6E9-3C41-46C7-BBD2-A753F0DC4D2E}\gapaengine.dll2013-10-14 10:34:44 -------- d-----w- C:\ProgramData\Nexon2013-10-14 10:21:19 -------- d-----w- C:\ProgramData\NexonUS2013-10-09 08:11:13 -------- d-----w- C:\Users\Quang Hong\AppData\Local\TERA2013-10-05 00:50:28 -------- d-----w- C:\ProgramData\AskPartnerNetwork2013-10-05 00:50:28 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork2013-10-05 00:50:22 -------- d-----w- C:\ProgramData\APN2013-10-03 09:34:13 -------- d-----w- C:\Users\Quang Hong\AppData\Local\Warframe.==================== Find3M ====================.2013-10-12 18:38:36 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-12 18:38:36 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-10-02 00:13:45 46368 ----a-w- C:\windows\System32\drivers\avgtpx64.sys2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys.============= FINISH: 19:27:59.95 =============== DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 1/8/2013 9:02:05 PMSystem Uptime: 11/1/2013 6:59:22 PM (1 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | CM6870Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 745 GiB total, 649.731 GiB free.D: is FIXED (NTFS) - 1099 GiB total, 1009.643 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP237: 10/23/2013 12:14:54 PM - Windows UpdateRP238: 10/25/2013 6:18:49 PM - Installed DirectXRP239: 10/27/2013 11:42:12 AM - Windows UpdateRP240: 10/29/2013 3:00:11 AM - Windows UpdateRP241: 11/1/2013 12:14:56 AM - Installed SPORE™RP242: 11/1/2013 12:24:33 AM - Installed SPORE™RP243: 11/1/2013 12:26:20 AM - Installed SPORE™ Creepy & Cute Parts PackRP244: 11/1/2013 12:29:13 AM - Installed SPORE™ Galactic AdventuresRP245: 11/1/2013 12:30:36 AM - Installed SPORE™ Galactic AdventuresRP246: 11/1/2013 3:06:07 PM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components Installer7-Zip 9.20Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.05)Audacity 2.0.3AVG SafeGuard toolbarBing BarCCleanerCheat Engine 6.3Construct 2 r119Crystal Reports for Visual StudioDotfuscator Software Services - Community EditionFallout 3 - NMC's Texture PackFallout 3 - Wasteland EditionFast BootHotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)Intel® Trusted Connect Service ClientJava 7 Update 13 (64-bit)Java SE Development Kit 7 Update 13 (64-bit)Malwarebytes Anti-Malware version 1.75.0.1300MapleStoryMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Application Error ReportingMicrosoft ASP.NET MVC 2Microsoft ASP.NET MVC 2 - Visual Studio 2010 ToolsMicrosoft Games for Windows - LIVE RedistributableMicrosoft Help Viewer 1.0Microsoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft PowerPoint ViewerMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Silverlight 3 SDKMicrosoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 R2 Data-Tier Application FrameworkMicrosoft SQL Server 2008 R2 Data-Tier Application ProjectMicrosoft SQL Server 2008 R2 Management ObjectsMicrosoft SQL Server 2008 R2 Management Objects (x64)Microsoft SQL Server 2008 R2 Transact-SQL Language ServiceMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support FilesMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft SQL Server Database Publishing Wizard 1.4Microsoft SQL Server System CLR TypesMicrosoft SQL Server System CLR Types (x64)Microsoft SQL Server VSS WriterMicrosoft Sync Framework Runtime v1.0 SP1 (x64)Microsoft Sync Framework SDK v1.0 SP1Microsoft Sync Framework Services v1.0 SP1 (x64)Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)Microsoft Team Foundation Server 2010 Object Model - ENUMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319Microsoft Visual F# 2.0 RuntimeMicrosoft Visual Studio 2010 ADO.NET Entity Framework ToolsMicrosoft Visual Studio 2010 Office Developer Tools (x64)Microsoft Visual Studio 2010 Professional - ENUMicrosoft Visual Studio 2010 SharePoint Developer ToolsMicrosoft Visual Studio 2010 Tools for Office Runtime (x64)Microsoft Visual Studio Macro ToolsMicrosoft WSE 3.0 RuntimeMorphVOX ProMozilla Firefox 25.0 (x86 en-US)Mozilla Maintenance ServiceNBA 2K11NetBeans IDE 7.2.1Nexon Game ManagerooVooOovoo ToolbarPowerISOSaints Row IVSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)Security Update for Microsoft Visual Studio Macro Tools (KB2669970)Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)Skype Click to CallSkype™ 6.7SPORE™SPORE™ Creepy & Cute Parts PackSPORE™ Galactic AdventuresSql Server Customer Experience Improvement ProgramThe MoviesThe Movies 1.1 PatchThe Movies Stunts & EffectsTrend Micro TitaniumTrend Micro Titanium Internet Security 2012Unity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Visual Studio 2010 Prerequisites - EnglishVisual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENUVuzeVuze Remote Toolbar v7.6WarframeWeb Deployment ToolWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live Language SelectorWindows Live MIME IFilterWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service Resources.==== Event Viewer Messages From Past Week ========.11/1/2013 7:00:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd11/1/2013 6:59:24 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .11/1/2013 6:25:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.11/1/2013 6:25:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.11/1/2013 6:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}11/1/2013 6:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}11/1/2013 6:25:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}11/1/2013 6:24:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}11/1/2013 6:24:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache MpFilter SCDEmu spldr sptd tmactmon tmcomm tmevtmgr tmtdi Wanarpv611/1/2013 6:24:51 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/1/2013 6:24:51 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.11/1/2013 5:05:40 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.11/1/2013 5:05:40 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).11/1/2013 5:05:40 PM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).11/1/2013 5:05:40 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).11/1/2013 5:05:40 PM, Error: Service Control Manager [7038] - The BITS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).11/1/2013 5:05:40 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The operation completed successfully.11/1/2013 5:05:40 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.11/1/2013 5:05:40 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.11/1/2013 5:05:40 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.11/1/2013 5:05:40 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not start due to a logon failure.11/1/2013 2:44:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.11/1/2013 2:44:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535..==== End Of File =========================== Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749117 Share Posted November 2, 2013 Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Quang Hong [Admin rights]Mode : Scan -- Date : 11/01/2013 19:46:02| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][sUSP PATH] Funmoods : C:\Users\QUANGH~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DL003-9VT166 ATA Device +++++--- User ---[MBR] 23171b577959dc88f06041a5043638a9[bSP] 7cce9389944c03baed16114499fb28f2 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 19024 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 39168000 | Size: 763090 Mo3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1601976348 | Size: 1125511 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_11012013_194602.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted November 2, 2013 ID:749118 Share Posted November 2, 2013 AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Why do you have MSE and Trend installed on the system??Having 2 anti-virus programs on the system only causes conflicts and spotty protection.Dangers of running 2 anti-virus programs~~~~~~~~~~~~~~~~~~~~~~~~~~Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found) [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> FOUND[V2][sUSP PATH] Funmoods : C:\Users\QUANGH~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUNDNow click Delete on the right hand column under Options-------------Next:Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Make sure you click on download buttons that look like this, not "sponsored ad links":Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then..................Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.~~~~~~~~~~~~~~~~~~~~~~~~~~Last......Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)Please make sure you click download buttons that look like this, not "sponsored ad links":Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.MrC Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749121 Share Posted November 2, 2013 The first two right? Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749127 Share Posted November 2, 2013 # AdwCleaner v3.010 - Report created 01/11/2013 at 20:58:41# Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Quang Hong - QUANGHONG-PC# Running from : C:\Users\Quang Hong\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] *****Service Deleted : APNMCPService Deleted : Application UpdaterService Deleted : vToolbarUpdater17.0.12***** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\ProgramData\AskPartnerNetworkFolder Deleted : C:\Program Files (x86)\Application UpdaterFolder Deleted : C:\Program Files (x86)\AskPartnerNetworkFolder Deleted : C:\Program Files (x86)\Vuze Remote toolbarFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\Common Files\spigotFolder Deleted : C:\Users\QUANGH~1\AppData\Local\Temp\apnFolder Deleted : C:\Users\Quang Hong\AppData\LocalLow\Search SettingsFile Deleted : C:\windows\System32\roboot64.exeFile Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\bprotector_extensions.sqliteFile Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\searchplugins\BrowserProtect.xmlFile Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\searchplugins\delta.xmlFile Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\user.jsFile Deleted : C:\windows\System32\Tasks\EPUpdater***** [ Shortcuts ] ********** [ Registry ] *****Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhKey Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehojKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekfKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCSValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AskPartnerNetworkKey Deleted : HKCU\Software\Search SettingsKey Deleted : HKCU\Software\AppDataLow\Software\Search SettingsKey Deleted : HKLM\Software\Application UpdaterKey Deleted : HKLM\Software\AskPartnerNetworkKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\IminentKey Deleted : HKLM\Software\Search SettingsKey Deleted : HKLM\Software\SP GlobalKey Deleted : HKLM\Software\SProtectorKey Deleted : [x64] HKLM\SOFTWARE\Tarma InstallerKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16720-\\ Mozilla Firefox v25.0 (en-US)[ File : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\prefs.js ]Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);Line Deleted : user_pref("aol_toolbar.default.search.check", false);Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);Line Deleted : user_pref("extensions.funmoods.aflt", "nv1");Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);Line Deleted : user_pref("extensions.funmoods.cntry", "US");Line Deleted : user_pref("extensions.funmoods.cv", "cv5");Line Deleted : user_pref("extensions.funmoods.dfltLng", "");Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);Line Deleted : user_pref("extensions.funmoods.dnsErr", true);Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");Line Deleted : user_pref("extensions.funmoods.excTlbr", false);Line Deleted : user_pref("extensions.funmoods.hdrMd5", "54BE1C1AA871B882C06C64BBC2D45578");Line Deleted : user_pref("extensions.funmoods.hmpg", true);Line Deleted : user_pref("extensions.funmoods.id", "74E543E21B8455E0");Line Deleted : user_pref("extensions.funmoods.instlDay", "15717");Line Deleted : user_pref("extensions.funmoods.instlRef", "nv1");Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.222:9:47");Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");Line Deleted : user_pref("extensions.funmoods.newTab", true);Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");Line Deleted : user_pref("extensions.funmoods.sg", "none");Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.222:9:47");Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");Line Deleted : user_pref("extensions.funmoods_i.newTab", true);Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.222:9:47");Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");-\\ Google Chrome v[ File : C:\Users\Quang Hong\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [14161 octets] - [01/11/2013 20:43:30]AdwCleaner[s0].txt - [14160 octets] - [01/11/2013 20:58:41]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14221 octets] ########## Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749129 Share Posted November 2, 2013 It's still the same result, but the lagging seems to have stopped Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.02.02Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Quang Hong :: QUANGHONG-PC [administrator]11/1/2013 9:03:35 PMMBAM-log-2013-11-01 (21-06-59).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 205189Time elapsed: 2 minute(s), 42 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 7C:\Users\Quang Hong\AppData\Local\Temp\svchost.exe (Riskware.Bitcoin) -> No action taken.C:\Users\Quang Hong\Local Settings\Temporary Internet Files\Content.IE5\YPDS5HSR\svchost[1].exe (Riskware.Bitcoin) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> No action taken.C:\Users\Quang Hong\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> No action taken.(end) Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749130 Share Posted November 2, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013Ran by Quang Hong (administrator) on QUANGHONG-PC on 01-11-2013 21:14:50Running from C:\Users\Quang Hong\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal==================== Processes (Whitelisted) =================(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [213824 2011-10-03] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-08] ()HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-01-13] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2011-09-27] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll [ ] ()==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =SearchScopes: HKCU - {F9D912DA-7196-46A2-979F-1D5648A69517} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.defaultFF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");FF Homepage: https://www.google.comFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Quang Hong\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xmlFF Extension: toolbar_OVO2V7 - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\Extensions\toolbar_OVO2V7@apn.ask.com.xpiFF Extension: No Name - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpiFF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextensionFF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextensionFF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\Chrome:=======CHR Extension: (Searcchh-NaEwTaab) - C:\Users\QUANGH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\llgmcilhdoehggnbpkoligokkepibbgk\1CHR Extension: (Broywsee2save) - C:\Users\QUANGH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooljjlhbdgmannpklhpimgpnofnddmgk\1CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crxCHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crxCHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crxCHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx==================== Services (Whitelisted) =================R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [950912 2011-12-29] (ASUSTeK Computer Inc.)R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)S3 npggsvc; C:\windows\SysWow64\GameMon.des [4986712 2013-03-06] (INCA Internet Co., Ltd.)S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]==================== Drivers (Whitelisted) ====================R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-01-09] (Duplex Secure Ltd.)R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-11-01 21:14 - 2013-11-01 21:14 - 00000000 ____D C:\FRST2013-11-01 21:13 - 2013-11-01 21:13 - 01957098 _____ (Farbar) C:\Users\Quang Hong\Desktop\FRST64.exe2013-11-01 20:43 - 2013-11-01 20:58 - 00000000 ____D C:\AdwCleaner2013-11-01 20:42 - 2013-11-01 20:42 - 01060070 _____ C:\Users\Quang Hong\Desktop\AdwCleaner.exe2013-11-01 20:41 - 2013-11-01 20:41 - 00002033 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_D_11012013_204133.txt2013-11-01 20:12 - 2013-11-01 20:12 - 00001979 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_201221.txt2013-11-01 19:46 - 2013-11-01 19:46 - 00001946 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_194602.txt2013-11-01 19:44 - 2013-11-01 20:41 - 00000000 ____D C:\Users\Quang Hong\Desktop\RK_Quarantine2013-11-01 19:41 - 2013-11-01 19:41 - 04012032 _____ C:\Users\Quang Hong\Desktop\RogueKillerX64.exe2013-11-01 19:28 - 2013-11-01 19:28 - 00013040 _____ C:\Users\Quang Hong\Desktop\attach.txt2013-11-01 19:28 - 2013-11-01 19:27 - 00026255 _____ C:\Users\Quang Hong\Desktop\dds.txt2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 ____R (Swearware) C:\Users\Quang Hong\Desktop\dds.com2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 _____ (Swearware) C:\Users\Quang Hong\Desktop\dds.scr2013-11-01 17:39 - 2013-11-01 21:11 - 00004294 _____ C:\windows\PFRO.log2013-11-01 17:05 - 2013-11-01 21:11 - 00000280 _____ C:\windows\setupact.log2013-11-01 17:05 - 2013-11-01 17:05 - 00000000 _____ C:\windows\setuperr.log2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\Documents\My Spore Creations2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\SPORE2013-10-29 16:17 - 2013-11-01 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-10-24 22:06 - 2013-10-24 22:06 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\VividMS2013-10-22 16:00 - 2013-11-01 15:44 - 00000000 ____D C:\Users\Quang Hong\Downloads\Downloaded2013-10-14 03:34 - 2013-10-14 03:34 - 00000000 ____D C:\ProgramData\Nexon2013-10-14 03:21 - 2013-10-14 03:21 - 00000000 ____D C:\ProgramData\NexonUS2013-10-13 12:22 - 2013-11-01 21:15 - 00389174 _____ C:\windows\WindowsUpdate.log2013-10-09 03:11 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-10-09 03:11 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-10-09 03:11 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-10-09 03:11 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-10-09 03:11 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-10-09 03:11 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-10-09 03:11 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-10-09 03:11 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-10-09 03:11 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-10-09 03:11 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-10-09 03:11 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-10-09 03:11 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-10-09 03:11 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-10-09 03:11 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-10-09 03:11 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-10-09 03:11 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-10-09 03:11 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-10-09 03:11 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe2013-10-09 03:11 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe2013-10-09 01:11 - 2013-10-09 01:11 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\TERA2013-10-09 00:01 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2013-10-09 00:01 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2013-10-09 00:01 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll2013-10-09 00:01 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll2013-10-09 00:01 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys2013-10-09 00:01 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys2013-10-09 00:01 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2013-10-09 00:01 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2013-10-09 00:01 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll2013-10-09 00:01 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll2013-10-09 00:01 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll2013-10-09 00:01 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2013-10-09 00:01 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2013-10-09 00:01 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2013-10-09 00:01 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll2013-10-09 00:01 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2013-10-09 00:01 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll2013-10-09 00:01 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe2013-10-09 00:01 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll2013-10-09 00:01 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2013-10-09 00:01 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2013-10-09 00:01 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2013-10-09 00:01 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll2013-10-09 00:01 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys2013-10-09 00:01 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-09 00:01 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2013-10-09 00:01 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys2013-10-09 00:01 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys2013-10-09 00:01 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys2013-10-09 00:01 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2013-10-09 00:01 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll2013-10-09 00:01 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2013-10-09 00:01 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2013-10-09 00:01 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2013-10-09 00:01 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll2013-10-09 00:01 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2013-10-09 00:01 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys2013-10-09 00:01 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys2013-10-09 00:01 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys2013-10-09 00:01 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll2013-10-09 00:01 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll2013-10-09 00:01 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll2013-10-09 00:01 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2013-10-09 00:01 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll2013-10-09 00:01 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll2013-10-09 00:01 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll2013-10-09 00:01 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2013-10-09 00:01 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2013-10-09 00:01 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2013-10-04 17:50 - 2013-06-06 13:41 - 00489392 _____ (Ask Partner Network) C:\Users\Quang Hong\Documents\APNSetup.exe2013-10-03 02:34 - 2013-10-31 22:08 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\Warframe2013-10-03 02:34 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe==================== One Month Modified Files and Folders =======2013-11-01 21:15 - 2013-10-13 12:22 - 00389174 _____ C:\windows\WindowsUpdate.log2013-11-01 21:15 - 2013-01-08 22:45 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\PMB Files2013-11-01 21:14 - 2013-11-01 21:14 - 00000000 ____D C:\FRST2013-11-01 21:13 - 2013-11-01 21:13 - 01957098 _____ (Farbar) C:\Users\Quang Hong\Desktop\FRST64.exe2013-11-01 21:11 - 2013-11-01 17:39 - 00004294 _____ C:\windows\PFRO.log2013-11-01 21:11 - 2013-11-01 17:05 - 00000280 _____ C:\windows\setupact.log2013-11-01 21:11 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-11-01 21:07 - 2009-07-13 21:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-01 21:07 - 2009-07-13 21:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-01 20:58 - 2013-11-01 20:43 - 00000000 ____D C:\AdwCleaner2013-11-01 20:42 - 2013-11-01 20:42 - 01060070 _____ C:\Users\Quang Hong\Desktop\AdwCleaner.exe2013-11-01 20:41 - 2013-11-01 20:41 - 00002033 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_D_11012013_204133.txt2013-11-01 20:41 - 2013-11-01 19:44 - 00000000 ____D C:\Users\Quang Hong\Desktop\RK_Quarantine2013-11-01 20:12 - 2013-11-01 20:12 - 00001979 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_201221.txt2013-11-01 19:46 - 2013-11-01 19:46 - 00001946 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_194602.txt2013-11-01 19:41 - 2013-11-01 19:41 - 04012032 _____ C:\Users\Quang Hong\Desktop\RogueKillerX64.exe2013-11-01 19:35 - 2013-08-23 13:58 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Skype2013-11-01 19:28 - 2013-11-01 19:28 - 00013040 _____ C:\Users\Quang Hong\Desktop\attach.txt2013-11-01 19:27 - 2013-11-01 19:28 - 00026255 _____ C:\Users\Quang Hong\Desktop\dds.txt2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 ____R (Swearware) C:\Users\Quang Hong\Desktop\dds.com2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 _____ (Swearware) C:\Users\Quang Hong\Desktop\dds.scr2013-11-01 17:32 - 2013-10-29 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-01 17:05 - 2013-11-01 17:05 - 00000000 _____ C:\windows\setuperr.log2013-11-01 17:05 - 2009-07-13 22:08 - 00032614 _____ C:\windows\Tasks\SCHEDLGU.TXT2013-11-01 15:44 - 2013-10-22 16:00 - 00000000 ____D C:\Users\Quang Hong\Downloads\Downloaded2013-11-01 14:56 - 2013-01-08 22:28 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Azureus2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\Documents\My Spore Creations2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\SPORE2013-11-01 00:29 - 2013-08-21 23:57 - 00000000 ____D C:\Program Files (x86)\Electronic Arts2013-11-01 00:29 - 2012-02-21 19:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-10-31 22:08 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\Warframe2013-10-30 17:16 - 2013-01-08 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-10-25 14:17 - 2013-03-16 11:52 - 00000000 ____D C:\windows\Minidump2013-10-24 22:14 - 2013-01-08 22:45 - 00000000 ____D C:\ProgramData\PMB Files2013-10-24 22:06 - 2013-10-24 22:06 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\VividMS2013-10-16 03:00 - 2013-01-08 22:23 - 00002155 _____ C:\windows\epplauncher.mif2013-10-16 03:00 - 2013-01-08 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-10-16 03:00 - 2013-01-08 22:22 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-10-15 11:55 - 2013-08-23 13:58 - 00000000 ___RD C:\Program Files (x86)\Skype2013-10-15 01:52 - 2013-03-18 11:22 - 00000000 ____D C:\ProgramData\HappyCloud2013-10-14 03:34 - 2013-10-14 03:34 - 00000000 ____D C:\ProgramData\Nexon2013-10-14 03:21 - 2013-10-14 03:21 - 00000000 ____D C:\ProgramData\NexonUS2013-10-12 11:38 - 2013-01-08 22:39 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2013-10-12 11:38 - 2012-02-21 19:27 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2013-10-09 19:49 - 2011-12-27 17:49 - 00000000 ____D C:\windows\Panther2013-10-09 10:54 - 2009-07-13 22:13 - 00902112 _____ C:\windows\system32\PerfStringBackup.INI2013-10-09 10:48 - 2013-03-14 02:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-09 10:48 - 2013-03-14 02:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-09 10:48 - 2009-07-13 21:45 - 00275712 _____ C:\windows\system32\FNTCACHE.DAT2013-10-09 03:09 - 2013-01-09 02:25 - 00895836 _____ C:\windows\SysWOW64\PerfStringBackup.INI2013-10-09 03:06 - 2013-08-15 02:18 - 00000000 ____D C:\windows\system32\MRT2013-10-09 03:04 - 2013-01-10 22:38 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2013-10-09 01:11 - 2013-10-09 01:11 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\TERA2013-10-05 10:40 - 2012-02-21 19:38 - 00001695 _____ C:\windows\system32\AutoRunFilter.ini2013-10-05 10:40 - 2012-02-21 19:38 - 00001498 _____ C:\windows\system32\ServiceFilter.ini2013-10-04 17:50 - 2013-01-29 22:10 - 00000000 ____D C:\Program Files (x86)\ooVoo2013-10-03 11:32 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache2013-10-03 02:34 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe2013-10-02 10:13 - 2013-01-09 02:27 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\TurbineSome content of TEMP:====================C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dllC:\Users\Quang Hong\AppData\Local\Temp\libeay32.dllC:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dllC:\Users\Quang Hong\AppData\Local\Temp\librtmp.dllC:\Users\Quang Hong\AppData\Local\Temp\libssh2.dllC:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dllC:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exeC:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dllC:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-10-03 11:24==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013Ran by Quang Hong at 2013-11-01 21:15:28Running from C:\Users\Quang Hong\DesktopBoot Mode: Normal============================================================================== Security Center ========================AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================64 Bit HP CIO Components Installer (Version: 1.2.0)7-Zip 9.20 (x32)Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)Audacity 2.0.3 (x32 Version: 2.0.3)AVG SafeGuard toolbar (x32 Version: 17.0.1.12)Bing Bar (x32 Version: 7.2.241.0)CCleaner (Version: 3.26)Cheat Engine 6.3 (x32)Construct 2 r119 (Version: 1.0.119.0)Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)Fallout 3 - NMC's Texture Pack (x32)Fallout 3 - Wasteland Edition (x32)Fast Boot (Version: 2.0.0)Intel® Trusted Connect Service Client (Version: 1.23.605.1)Java 7 Update 13 (64-bit) (Version: 7.0.130)Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)MapleStory (x32)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)Microsoft Help Viewer 1.0 (Version: 1.0.30319)Microsoft Office 2010 (x32 Version: 14.0.4763.1000)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)Microsoft Security Client (Version: 4.3.0219.0)Microsoft Security Essentials (Version: 4.3.219.0)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)Microsoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4)Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)Microsoft Visual C++ 2005 Redistributable (x32)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.30319)Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)Microsoft WSE 3.0 Runtime (x32)MorphVOX Pro (x32 Version: 4.3.13)Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)Mozilla Maintenance Service (x32 Version: 25.0)NBA 2K11 (x32 Version: 1.0.0)NetBeans IDE 7.2.1 (Version: 7.2.1)Nexon Game Manager (x32)ooVoo (x32 Version: 3.5.9060)Oovoo Toolbar (x32 Version: 12.6.0.1643)PowerISO (x32 Version: 5.5)Saints Row IV (x32 Version: 1)Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)Skype Click to Call (x32 Version: 6.13.13771)Skype™ 6.7 (x32 Version: 6.7.102)SPORE™ (x32 Version: 1.05.0000)SPORE™ Creepy & Cute Parts Pack (x32 Version: 1.00.0000)SPORE™ Galactic Adventures (x32 Version: 1.01.0000)Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)The Movies (x32 Version: 1.0)The Movies 1.1 Patch (x32 Version: 1.0)The Movies Stunts & Effects (x32 Version: 1.0)The Movies Stunts & Effects (x32 Version: 1.2)Trend Micro Titanium (Version: 5.00)Trend Micro Titanium Internet Security 2012 (Version: 5.0)Unity Web Player (HKCU Version: )Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)Vuze (Version: 5.0.0.0)Vuze Remote Toolbar v7.6 (x32 Version: 7.6)Warframe (x32 Version: 1.0.0)Web Deployment Tool (Version: 1.1.0618)Windows Live Family Safety (Version: 15.4.3538.0513)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Language Selector (Version: 15.4.3538.0513)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Remote Client (Version: 15.4.5722.2)Windows Live Remote Client Resources (Version: 15.4.5722.2)Windows Live Remote Service (Version: 15.4.5722.2)Windows Live Remote Service Resources (Version: 15.4.5722.2)==================== Restore Points =========================23-10-2013 19:14:54 Windows Update26-10-2013 01:18:49 Installed DirectX27-10-2013 18:42:12 Windows Update29-10-2013 10:00:11 Windows Update01-11-2013 07:14:56 Installed SPORE™01-11-2013 07:24:33 Installed SPORE™01-11-2013 07:26:20 Installed SPORE™ Creepy & Cute Parts Pack01-11-2013 07:29:13 Installed SPORE™ Galactic Adventures01-11-2013 07:30:36 Installed SPORE™ Galactic Adventures01-11-2013 22:06:07 Windows Update==================== Hosts content: ==========================2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {1C7A24F6-FDB5-4329-8F5F-E7199F33A40B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)Task: {2A8BA87F-07FB-4551-ABE5-D0402A0986CF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {742795C9-E2E6-4EE9-922E-050DE9B4F7AE} - System32\Tasks\ASUS\Asus HybridSleep Helper => C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe [2011-12-28] (ASUSTeK Computer Inc.)Task: {7526B1FF-E735-4707-ACA9-0664265EBF77} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)Task: {F7A41BCA-28D6-4657-9F6C-849ECAE90385} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)==================== Loaded Modules (whitelisted) =============2012-02-21 18:51 - 2011-12-14 23:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-02-21 19:34 - 2013-11-01 21:11 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll2012-02-21 19:34 - 2010-06-28 19:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll2012-02-21 19:39 - 2010-04-23 04:23 - 00011264 _____ () C:\Program Files (x86)\ASUS\ASUS Instant On\Images\AsMultiLang.dll2012-02-21 19:39 - 2011-06-13 10:53 - 00061440 _____ () C:\Program Files (x86)\ASUS\ASUS Instant On\MSPowerLib.dll2013-10-29 16:17 - 2013-10-29 16:17 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll2012-02-21 19:33 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ======================================= Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (11/01/2013 09:13:27 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 09:01:28 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 07:01:22 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 06:26:27 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 05:41:12 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 05:08:41 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 04:46:25 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 03:50:33 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 03:41:56 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 02:56:04 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (11/01/2013 09:12:09 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:sptdError: (11/01/2013 09:11:28 PM) (Source: sptd) (User: )Description: Driver detected an internal error in its data structures for .Error: (11/01/2013 09:00:16 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:sptdError: (11/01/2013 08:59:30 PM) (Source: sptd) (User: )Description: Driver detected an internal error in its data structures for .Error: (11/01/2013 07:00:00 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:sptdError: (11/01/2013 06:59:24 PM) (Source: sptd) (User: )Description: Driver detected an internal error in its data structures for .Error: (11/01/2013 06:25:06 PM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (11/01/2013 06:25:06 PM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (11/01/2013 06:25:04 PM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:%%1068Error: (11/01/2013 06:25:04 PM) (Source: DCOM) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}Microsoft Office Sessions:=========================Error: (11/01/2013 09:13:27 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 09:01:28 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 07:01:22 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 06:26:27 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 05:41:12 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 05:08:41 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 04:46:25 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 03:50:33 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 03:41:56 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/01/2013 02:56:04 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003==================== Memory info ===========================Percentage of memory in use: 16%Total physical RAM: 16271.6 MBAvailable physical RAM: 13590.43 MBTotal Pagefile: 32541.38 MBAvailable Pagefile: 29643.07 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB==================== Drives ================================Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:649.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (DATA) (Fixed) (Total:1099.13 GB) (Free:1009.64 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4500EEC2)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=19 GB) - (Type=1B)Partition 3: (Not Active) - (Size=745 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=-1018838824448) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749138 Share Posted November 2, 2013 Hey after following your instruction, I re-ran Malware anti-malware full scan and it did not find any infected files or virus, thanks for the help, i appreciate it. If it's not too much, can you help me clear up my computer of the files during this fix? Link to post Share on other sites More sharing options...
MrCharlie Posted November 2, 2013 ID:749210 Share Posted November 2, 2013 Good...... Download the attached fixlist.txt to the same folder as FRST. Run FRST and click Fix only once and wait The tool will create a log (Fixlog.txt) in the folder, please post it to your reply. Then...... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749357 Share Posted November 2, 2013 download the attached fixlist.txt ? where do i download that? and where folder inside FRST do i place it in? Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749358 Share Posted November 2, 2013 O wait i'm dumb nvm haha, but which folder inside FRST do i place it in? or just inside FRST is fine? Link to post Share on other sites More sharing options...
MrCharlie Posted November 2, 2013 ID:749362 Share Posted November 2, 2013 Where ever FRST is, that's where you want the Fixlist.txt. MrC Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749387 Share Posted November 2, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013Ran by Quang Hong at 2013-11-02 13:52:02 Run:1Running from C:\Users\Quang Hong\Desktop\pc fixBoot Mode: Normal==============================================Content of fixlist:*****************AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll [ ] ()C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dllC:\Users\Quang Hong\AppData\Local\Temp\libeay32.dllC:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dllC:\Users\Quang Hong\AppData\Local\Temp\librtmp.dllC:\Users\Quang Hong\AppData\Local\Temp\libssh2.dllC:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dllC:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exeC:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dllC:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll*****************HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\libeay32.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\librtmp.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\libssh2.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dll => Moved successfully.C:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749391 Share Posted November 2, 2013 Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Microsoft Security Essentials Trend Micro Titanium Internet Security 2012 Antivirus up to date! (On Access scanning disabled!)`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0)````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Trend Micro Titanium TiMiniService.exe Trend Micro Titanium TiResumeSrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted November 2, 2013 ID:749397 Share Posted November 2, 2013 Looks OK A little clean up to do.... Please Uninstall ComboFix: (if you used it) Press the Windows logo key + R to bring up the "run box" Copy and paste next command in the field: ComboFix /uninstall Make sure there's a space between Combofix and / Then hit enter. This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point (If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller) --------------------------------- Please download OTC to your desktop. http://oldtimer.geekstogo.com/OTC.exe Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator") Click on the CleanUp! button and follow the prompts. (If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.) You will be asked to reboot the machine to finish the Cleanup process, choose Yes. After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind. Any other programs or logs you can manually delete. IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall. Note: If you used FRST and can't delete the quarantine folder: Download the fixlist.txt to the same folder as FRST. Run FRST and click Fix only once and wait That will delete the quarantine folder created by FRST. The rest you can manually delete. ------------------------------- Any questions...please post back. If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed. Take a look at My Preventive Maintenance to avoid being infected again. (also HERE) Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Devilsraging Posted November 2, 2013 Author ID:749409 Share Posted November 2, 2013 Thank you so much Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 4, 2013 Root Admin ID:749903 Share Posted November 4, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts