
Hi, it seems bitcoin has infected my svchost for a while now. I have tried to remove it using Malwarebytes Anti-Malware, but it never really did remove the problem. I have scanned this probably 20 or more times, and every time it said "remove on reboot" or "quarantined and successfully removed". At first there was no harm keeping it; it didn't really affect anything I do. But then today, it seems to have sprung.

 

Problem: On startup, everything seems to work fine, but as soon as svchost starts, it starts to lag like crazy: hovering over an icon, clicking on the Start button, opening up anything, etc. At first I didn't know what it was, or why this was happening, but when I checked Task Manager, it seemed like svchost.exe was running a big number. Shown here: post-147671-0-48163500-1383355836_thumb. I knew it was the problem, because when I ended the svchost process, everything returned to normal; my computer was running fast like it always does and everything seemed to function fine: sounds, graphics, etc. So I ran a full scan and found 7 problems. Shown here: MBAM-log-2013-11-01 (18-21-37).txt

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Quang Hong :: QUANGHONG-PC [administrator]

11/1/2013 5:42:39 PM
MBAM-log-2013-11-01 (18-21-37).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427455
Time elapsed: 37 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Quang Hong\AppData\Local\Temp\svchost.exe (Riskware.Bitcoin) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFGM2B1Y\svchost[1].exe (Riskware.Bitcoin) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> No action taken.

(end)

 

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Quang Hong at 19:27:27 on 2013-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16272.13700 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
mWinlogon: Userinit = userinit.exe,
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [Adobe] C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2D038650-7557-4AB3-A3D4-174E55595084} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{659DB0DE-09CC-4F5B-9A25-91D01A7E7E78} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Quang Hong\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-03 10:04; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true


FF - user.js: extensions.funmoods.id - 74E543E21B8455E0
FF - user.js: extensions.funmoods.instlDay - 15717
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.222:9:47
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-21 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2012-2-9 293416]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-25 46368]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-2-21 70928]
R2 AFBAgent;AFBAgent;C:\windows\System32\FBAgent.exe [2012-2-21 379520]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-10-15 166352]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-9-2 807800]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-2-21 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2012-2-21 950912]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-21 586880]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-2-21 203392]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-2-21 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-7 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-21 363800]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-21 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-21 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-21 786200]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-5-7 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2012-2-9 1488448]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-21 646248]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-2-21 247072]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-21 275912]
S3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2012-2-9 129000]
S3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2012-2-9 394216]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-2-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-2-9 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-2-9 181248]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-02 00:38:25    --------    d-----w-    C:\Users\Quang Hong\AppData\Local\ElevatedDiagnostics
2013-11-01 22:08:13    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{342CE869-5390-45FA-B46F-CB7CDFF4FA06}\mpengine.dll
2013-11-01 07:34:08    --------    d-----w-    C:\Users\Quang Hong\AppData\Roaming\SPORE
2013-10-31 00:27:20    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-25 05:06:48    --------    d-----w-    C:\Users\Quang Hong\AppData\Local\VividMS
2013-10-18 02:41:32    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{472DE6E9-3C41-46C7-BBD2-A753F0DC4D2E}\gapaengine.dll
2013-10-14 10:34:44    --------    d-----w-    C:\ProgramData\Nexon
2013-10-14 10:21:19    --------    d-----w-    C:\ProgramData\NexonUS
2013-10-09 08:11:13    --------    d-----w-    C:\Users\Quang Hong\AppData\Local\TERA
2013-10-05 00:50:28    --------    d-----w-    C:\ProgramData\AskPartnerNetwork
2013-10-05 00:50:28    --------    d-----w-    C:\Program Files (x86)\AskPartnerNetwork
2013-10-05 00:50:22    --------    d-----w-    C:\ProgramData\APN
2013-10-03 09:34:13    --------    d-----w-    C:\Users\Quang Hong\AppData\Local\Warframe
.
==================== Find3M  ====================
.
2013-10-12 18:38:36    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 18:38:36    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-02 00:13:45    46368    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2013-09-22 23:28:06    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\windows\System32\drivers\ataport.sys
.
============= FINISH: 19:27:59.95 ===============
 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/8/2013 9:02:05 PM
System Uptime: 11/1/2013 6:59:22 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM6870
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 745 GiB total, 649.731 GiB free.
D: is FIXED (NTFS) - 1099 GiB total, 1009.643 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP237: 10/23/2013 12:14:54 PM - Windows Update
RP238: 10/25/2013 6:18:49 PM - Installed DirectX
RP239: 10/27/2013 11:42:12 AM - Windows Update
RP240: 10/29/2013 3:00:11 AM - Windows Update
RP241: 11/1/2013 12:14:56 AM - Installed SPORE™
RP242: 11/1/2013 12:24:33 AM - Installed SPORE™
RP243: 11/1/2013 12:26:20 AM - Installed SPORE™ Creepy & Cute Parts Pack
RP244: 11/1/2013 12:29:13 AM - Installed SPORE™ Galactic Adventures
RP245: 11/1/2013 12:30:36 AM - Installed SPORE™ Galactic Adventures
RP246: 11/1/2013 3:06:07 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Audacity 2.0.3
AVG SafeGuard toolbar
Bing Bar
CCleaner
Cheat Engine 6.3
Construct 2 r119
Crystal Reports for Visual Studio
Dotfuscator Software Services - Community Edition
Fallout 3 - NMC's Texture Pack
Fallout 3 - Wasteland Edition
Fast Boot
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Intel® Trusted Connect Service Client
Java 7 Update 13 (64-bit)
Java SE Development Kit 7 Update 13 (64-bit)
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Microsoft WSE 3.0 Runtime
MorphVOX Pro
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
NBA 2K11
NetBeans IDE 7.2.1
Nexon Game Manager
ooVoo
Oovoo Toolbar
PowerISO
Saints Row IV
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype Click to Call
Skype™ 6.7
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Sql Server Customer Experience Improvement Program
The Movies
The Movies 1.1 Patch
The Movies Stunts & Effects
Trend Micro Titanium
Trend Micro Titanium Internet Security 2012
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Vuze
Vuze Remote Toolbar v7.6
Warframe
Web Deployment Tool
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Language Selector
Windows Live MIME IFilter
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
.
==== Event Viewer Messages From Past Week ========
.
11/1/2013 7:00:00 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sptd
11/1/2013 6:59:24 PM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
11/1/2013 6:25:06 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/1/2013 6:25:04 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/1/2013 6:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/1/2013 6:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/1/2013 6:25:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/1/2013 6:24:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/1/2013 6:24:53 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AsIO AsUpIO discache MpFilter SCDEmu spldr sptd tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
11/1/2013 6:24:51 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/1/2013 6:24:51 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/1/2013 5:05:40 PM, Error: Service Control Manager [7038]  - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/1/2013 5:05:40 PM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/1/2013 5:05:40 PM, Error: Service Control Manager [7038]  - The BITS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/1/2013 5:05:40 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The operation completed successfully.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not start due to a logon failure.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
11/1/2013 5:05:40 PM, Error: Service Control Manager [7000]  - The Background Intelligent Transfer Service service failed to start due to the following error:  The service did not start due to a logon failure.
11/1/2013 2:44:54 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/1/2013 2:44:54 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 


Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Quang Hong [Admin rights]
Mode : Scan -- Date : 11/01/2013 19:46:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Funmoods : C:\Users\QUANGH~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] 23171b577959dc88f06041a5043638a9
[BSP] 7cce9389944c03baed16114499fb28f2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 19024 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 39168000 | Size: 763090 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1601976348 | Size: 1125511 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11012013_194602.txt >>



 

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

Why do you have MSE and Trend installed on the system??

Having 2 anti-virus programs on the system only causes conflicts and spotty protection.

Dangers of running 2 anti-virus programs

~~~~~~~~~~~~~~~~~~~~~~~~~~

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> FOUND

[V2][SUSP PATH] Funmoods : C:\Users\QUANGH~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Next:

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Last......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

# AdwCleaner v3.010 - Report created 01/11/2013 at 20:58:41
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Quang Hong - QUANGHONG-PC
# Running from : C:\Users\Quang Hong\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
Service Deleted : Application Updater
Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\QUANGH~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Quang Hong\AppData\LocalLow\Search Settings
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\searchplugins\delta.xml
File Deleted : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\user.js
File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "US");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "54BE1C1AA871B882C06C64BBC2D45578");
Line Deleted : user_pref("extensions.funmoods.hmpg", true);

Line Deleted : user_pref("extensions.funmoods.id", "74E543E21B8455E0");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15717");
Line Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.222:9:47");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", true);

Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.222:9:47");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.222:9:47");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\Quang Hong\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14161 octets] - [01/11/2013 20:43:30]
AdwCleaner[S0].txt - [14160 octets] - [01/11/2013 20:58:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14221 octets] ##########
 


It's still the same result, but the lagging seems to have stopped

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Quang Hong :: QUANGHONG-PC [administrator]

11/1/2013 9:03:35 PM
MBAM-log-2013-11-01 (21-06-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205189
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Quang Hong\AppData\Local\Temp\svchost.exe (Riskware.Bitcoin) -> No action taken.
C:\Users\Quang Hong\Local Settings\Temporary Internet Files\Content.IE5\YPDS5HSR\svchost[1].exe (Riskware.Bitcoin) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> No action taken.
C:\Users\Quang Hong\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> No action taken.

(end)
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Quang Hong (administrator) on QUANGHONG-PC on 01-11-2013 21:14:50
Running from C:\Users\Quang Hong\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [213824 2011-10-03] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-08] ()
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-01-13] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2011-09-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKCU - {F9D912DA-7196-46A2-979F-1D5648A69517} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: https://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Quang Hong\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: toolbar_OVO2V7 - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\Extensions\toolbar_OVO2V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\Quang Hong\AppData\Roaming\Mozilla\Firefox\Profiles\80h62b6c.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

Chrome:
=======


CHR Extension: (Searcchh-NaEwTaab) - C:\Users\QUANGH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\llgmcilhdoehggnbpkoligokkepibbgk\1
CHR Extension: (Broywsee2save) - C:\Users\QUANGH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooljjlhbdgmannpklhpimgpnofnddmgk\1
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [950912 2011-12-29] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 npggsvc; C:\windows\SysWow64\GameMon.des [4986712 2013-03-06] (INCA Internet Co., Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-01-09] (Duplex Secure Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-01 21:14 - 2013-11-01 21:14 - 00000000 ____D C:\FRST
2013-11-01 21:13 - 2013-11-01 21:13 - 01957098 _____ (Farbar) C:\Users\Quang Hong\Desktop\FRST64.exe
2013-11-01 20:43 - 2013-11-01 20:58 - 00000000 ____D C:\AdwCleaner
2013-11-01 20:42 - 2013-11-01 20:42 - 01060070 _____ C:\Users\Quang Hong\Desktop\AdwCleaner.exe
2013-11-01 20:41 - 2013-11-01 20:41 - 00002033 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_D_11012013_204133.txt
2013-11-01 20:12 - 2013-11-01 20:12 - 00001979 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_201221.txt
2013-11-01 19:46 - 2013-11-01 19:46 - 00001946 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_194602.txt
2013-11-01 19:44 - 2013-11-01 20:41 - 00000000 ____D C:\Users\Quang Hong\Desktop\RK_Quarantine
2013-11-01 19:41 - 2013-11-01 19:41 - 04012032 _____ C:\Users\Quang Hong\Desktop\RogueKillerX64.exe
2013-11-01 19:28 - 2013-11-01 19:28 - 00013040 _____ C:\Users\Quang Hong\Desktop\attach.txt
2013-11-01 19:28 - 2013-11-01 19:27 - 00026255 _____ C:\Users\Quang Hong\Desktop\dds.txt
2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 ____R (Swearware) C:\Users\Quang Hong\Desktop\dds.com
2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 _____ (Swearware) C:\Users\Quang Hong\Desktop\dds.scr
2013-11-01 17:39 - 2013-11-01 21:11 - 00004294 _____ C:\windows\PFRO.log
2013-11-01 17:05 - 2013-11-01 21:11 - 00000280 _____ C:\windows\setupact.log
2013-11-01 17:05 - 2013-11-01 17:05 - 00000000 _____ C:\windows\setuperr.log
2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\Documents\My Spore Creations
2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\SPORE
2013-10-29 16:17 - 2013-11-01 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-24 22:06 - 2013-10-24 22:06 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\VividMS
2013-10-22 16:00 - 2013-11-01 15:44 - 00000000 ____D C:\Users\Quang Hong\Downloads\Downloaded
2013-10-14 03:34 - 2013-10-14 03:34 - 00000000 ____D C:\ProgramData\Nexon
2013-10-14 03:21 - 2013-10-14 03:21 - 00000000 ____D C:\ProgramData\NexonUS
2013-10-13 12:22 - 2013-11-01 21:15 - 00389174 _____ C:\windows\WindowsUpdate.log
2013-10-09 03:11 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-09 03:11 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-09 03:11 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-09 03:11 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-09 03:11 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-09 03:11 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-09 03:11 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-09 03:11 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-09 03:11 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-09 03:11 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-09 03:11 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 03:11 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 01:11 - 2013-10-09 01:11 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\TERA
2013-10-09 00:01 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 00:01 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 00:01 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 00:01 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 00:01 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 00:01 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 00:01 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 00:01 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 00:01 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 00:01 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 00:01 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 00:01 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 00:01 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 00:01 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 00:01 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 00:01 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 00:01 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 00:01 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 00:01 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 00:01 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 00:01 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 00:01 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 00:01 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 00:01 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 00:01 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 00:01 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 00:01 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 00:01 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 00:01 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-09 00:01 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 00:01 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 00:01 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 00:01 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 00:01 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 00:01 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 00:01 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 00:01 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 00:01 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 00:01 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 00:01 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 00:01 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 00:01 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 00:01 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 00:01 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 00:01 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 00:01 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 00:01 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 00:01 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 00:01 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-04 17:50 - 2013-06-06 13:41 - 00489392 _____ (Ask Partner Network) C:\Users\Quang Hong\Documents\APNSetup.exe
2013-10-03 02:34 - 2013-10-31 22:08 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\Warframe
2013-10-03 02:34 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe

==================== One Month Modified Files and Folders =======

2013-11-01 21:15 - 2013-10-13 12:22 - 00389174 _____ C:\windows\WindowsUpdate.log
2013-11-01 21:15 - 2013-01-08 22:45 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\PMB Files
2013-11-01 21:14 - 2013-11-01 21:14 - 00000000 ____D C:\FRST
2013-11-01 21:13 - 2013-11-01 21:13 - 01957098 _____ (Farbar) C:\Users\Quang Hong\Desktop\FRST64.exe
2013-11-01 21:11 - 2013-11-01 17:39 - 00004294 _____ C:\windows\PFRO.log
2013-11-01 21:11 - 2013-11-01 17:05 - 00000280 _____ C:\windows\setupact.log
2013-11-01 21:11 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-01 21:07 - 2009-07-13 21:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 21:07 - 2009-07-13 21:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 20:58 - 2013-11-01 20:43 - 00000000 ____D C:\AdwCleaner
2013-11-01 20:42 - 2013-11-01 20:42 - 01060070 _____ C:\Users\Quang Hong\Desktop\AdwCleaner.exe
2013-11-01 20:41 - 2013-11-01 20:41 - 00002033 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_D_11012013_204133.txt
2013-11-01 20:41 - 2013-11-01 19:44 - 00000000 ____D C:\Users\Quang Hong\Desktop\RK_Quarantine
2013-11-01 20:12 - 2013-11-01 20:12 - 00001979 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_201221.txt
2013-11-01 19:46 - 2013-11-01 19:46 - 00001946 _____ C:\Users\Quang Hong\Desktop\RKreport[0]_S_11012013_194602.txt
2013-11-01 19:41 - 2013-11-01 19:41 - 04012032 _____ C:\Users\Quang Hong\Desktop\RogueKillerX64.exe
2013-11-01 19:35 - 2013-08-23 13:58 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Skype
2013-11-01 19:28 - 2013-11-01 19:28 - 00013040 _____ C:\Users\Quang Hong\Desktop\attach.txt
2013-11-01 19:27 - 2013-11-01 19:28 - 00026255 _____ C:\Users\Quang Hong\Desktop\dds.txt
2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 ____R (Swearware) C:\Users\Quang Hong\Desktop\dds.com
2013-11-01 19:22 - 2013-11-01 19:22 - 00688992 _____ (Swearware) C:\Users\Quang Hong\Desktop\dds.scr
2013-11-01 17:32 - 2013-10-29 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-01 17:05 - 2013-11-01 17:05 - 00000000 _____ C:\windows\setuperr.log
2013-11-01 17:05 - 2009-07-13 22:08 - 00032614 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-01 15:44 - 2013-10-22 16:00 - 00000000 ____D C:\Users\Quang Hong\Downloads\Downloaded
2013-11-01 14:56 - 2013-01-08 22:28 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Azureus
2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\Documents\My Spore Creations
2013-11-01 00:34 - 2013-11-01 00:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\SPORE
2013-11-01 00:29 - 2013-08-21 23:57 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-11-01 00:29 - 2012-02-21 19:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-31 22:08 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\Warframe
2013-10-30 17:16 - 2013-01-08 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-25 14:17 - 2013-03-16 11:52 - 00000000 ____D C:\windows\Minidump
2013-10-24 22:14 - 2013-01-08 22:45 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-24 22:06 - 2013-10-24 22:06 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\VividMS
2013-10-16 03:00 - 2013-01-08 22:23 - 00002155 _____ C:\windows\epplauncher.mif
2013-10-16 03:00 - 2013-01-08 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-16 03:00 - 2013-01-08 22:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 11:55 - 2013-08-23 13:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-15 01:52 - 2013-03-18 11:22 - 00000000 ____D C:\ProgramData\HappyCloud
2013-10-14 03:34 - 2013-10-14 03:34 - 00000000 ____D C:\ProgramData\Nexon
2013-10-14 03:21 - 2013-10-14 03:21 - 00000000 ____D C:\ProgramData\NexonUS
2013-10-12 11:38 - 2013-01-08 22:39 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-12 11:38 - 2012-02-21 19:27 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 19:49 - 2011-12-27 17:49 - 00000000 ____D C:\windows\Panther
2013-10-09 10:54 - 2009-07-13 22:13 - 00902112 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-09 10:48 - 2013-03-14 02:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 10:48 - 2013-03-14 02:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 10:48 - 2009-07-13 21:45 - 00275712 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-09 03:09 - 2013-01-09 02:25 - 00895836 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-10-09 03:06 - 2013-08-15 02:18 - 00000000 ____D C:\windows\system32\MRT
2013-10-09 03:04 - 2013-01-10 22:38 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 01:11 - 2013-10-09 01:11 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\TERA
2013-10-05 10:40 - 2012-02-21 19:38 - 00001695 _____ C:\windows\system32\AutoRunFilter.ini
2013-10-05 10:40 - 2012-02-21 19:38 - 00001498 _____ C:\windows\system32\ServiceFilter.ini
2013-10-04 17:50 - 2013-01-29 22:10 - 00000000 ____D C:\Program Files (x86)\ooVoo
2013-10-03 11:32 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-10-03 02:34 - 2013-10-03 02:34 - 00000000 ____D C:\Users\Quang Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2013-10-02 10:13 - 2013-01-09 02:27 - 00000000 ____D C:\Users\Quang Hong\AppData\Local\Turbine

Some content of TEMP:
====================
C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dll
C:\Users\Quang Hong\AppData\Local\Temp\libeay32.dll
C:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dll
C:\Users\Quang Hong\AppData\Local\Temp\librtmp.dll
C:\Users\Quang Hong\AppData\Local\Temp\libssh2.dll
C:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exe
C:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dll
C:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-03 11:24

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Quang Hong at 2013-11-01 21:15:28
Running from C:\Users\Quang Hong\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 1.2.0)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Audacity 2.0.3 (x32 Version: 2.0.3)
AVG SafeGuard toolbar (x32 Version: 17.0.1.12)
Bing Bar (x32 Version: 7.2.241.0)
CCleaner (Version: 3.26)
Cheat Engine 6.3 (x32)
Construct 2 r119 (Version: 1.0.119.0)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Fallout 3 - NMC's Texture Pack (x32)
Fallout 3 - Wasteland Edition (x32)
Fast Boot (Version: 2.0.0)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 13 (64-bit) (Version: 7.0.130)
Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MapleStory (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft WSE 3.0 Runtime (x32)
MorphVOX Pro (x32 Version: 4.3.13)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
NBA 2K11 (x32 Version: 1.0.0)
NetBeans IDE 7.2.1 (Version: 7.2.1)
Nexon Game Manager (x32)
ooVoo (x32 Version: 3.5.9060)
Oovoo Toolbar (x32 Version: 12.6.0.1643)
PowerISO (x32 Version: 5.5)
Saints Row IV (x32 Version: 1)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.7 (x32 Version: 6.7.102)
SPORE™ (x32 Version: 1.05.0000)
SPORE™ Creepy & Cute Parts Pack (x32 Version: 1.00.0000)
SPORE™ Galactic Adventures (x32 Version: 1.01.0000)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
The Movies (x32 Version: 1.0)
The Movies 1.1 Patch (x32 Version: 1.0)
The Movies Stunts & Effects (x32 Version: 1.0)
The Movies Stunts & Effects (x32 Version: 1.2)
Trend Micro Titanium (Version: 5.00)
Trend Micro Titanium Internet Security 2012 (Version: 5.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
Vuze (Version: 5.0.0.0)
Vuze Remote Toolbar v7.6 (x32 Version: 7.6)
Warframe (x32 Version: 1.0.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)

==================== Restore Points  =========================

23-10-2013 19:14:54 Windows Update
26-10-2013 01:18:49 Installed DirectX
27-10-2013 18:42:12 Windows Update
29-10-2013 10:00:11 Windows Update
01-11-2013 07:14:56 Installed SPORE™
01-11-2013 07:24:33 Installed SPORE™
01-11-2013 07:26:20 Installed SPORE™ Creepy & Cute Parts Pack
01-11-2013 07:29:13 Installed SPORE™ Galactic Adventures
01-11-2013 07:30:36 Installed SPORE™ Galactic Adventures
01-11-2013 22:06:07 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C7A24F6-FDB5-4329-8F5F-E7199F33A40B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {2A8BA87F-07FB-4551-ABE5-D0402A0986CF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {742795C9-E2E6-4EE9-922E-050DE9B4F7AE} - System32\Tasks\ASUS\Asus HybridSleep Helper => C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe [2011-12-28] (ASUSTeK Computer Inc.)
Task: {7526B1FF-E735-4707-ACA9-0664265EBF77} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {F7A41BCA-28D6-4657-9F6C-849ECAE90385} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)

==================== Loaded Modules (whitelisted) =============

2012-02-21 18:51 - 2011-12-14 23:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-21 19:34 - 2013-11-01 21:11 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-02-21 19:34 - 2010-06-28 19:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2012-02-21 19:39 - 2010-04-23 04:23 - 00011264 _____ () C:\Program Files (x86)\ASUS\ASUS Instant On\Images\AsMultiLang.dll
2012-02-21 19:39 - 2011-06-13 10:53 - 00061440 _____ () C:\Program Files (x86)\ASUS\ASUS Instant On\MSPowerLib.dll
2013-10-29 16:17 - 2013-10-29 16:17 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-02-21 19:33 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 09:13:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 09:01:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 07:01:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 06:26:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:41:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:08:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 04:46:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 03:50:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 03:41:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 02:56:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/01/2013 09:12:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (11/01/2013 09:11:28 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (11/01/2013 09:00:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (11/01/2013 08:59:30 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (11/01/2013 07:00:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (11/01/2013 06:59:24 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (11/01/2013 06:25:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2013 06:25:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2013 06:25:04 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/01/2013 06:25:04 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/01/2013 09:13:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 09:01:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 07:01:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 06:26:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:41:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:08:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 04:46:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 03:50:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 03:41:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 02:56:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 16271.6 MB
Available physical RAM: 13590.43 MB
Total Pagefile: 32541.38 MB
Available Pagefile: 29643.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:649.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:1099.13 GB) (Free:1009.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4500EEC2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=745 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=-1018838824448) - (Type=07 NTFS)

==================== End Of Log ============================


Good......

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Quang Hong at 2013-11-02 13:52:02 Run:1
Running from C:\Users\Quang Hong\Desktop\pc fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll [ ] ()
C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dll
C:\Users\Quang Hong\AppData\Local\Temp\libeay32.dll
C:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dll
C:\Users\Quang Hong\AppData\Local\Temp\librtmp.dll
C:\Users\Quang Hong\AppData\Local\Temp\libssh2.dll
C:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exe
C:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dll
C:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll
*****************

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Quang Hong\AppData\Local\Temp\libcurl-4.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\libeay32.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\libidn-11.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\librtmp.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\libssh2.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\ssleay32.dll => Moved successfully.
C:\Users\Quang Hong\AppData\Local\Temp\zlib1.dll => Moved successfully.

==== End of Fixlog ====


 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials                 
Trend Micro Titanium Internet Security 2012   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Trend Micro Titanium TiMiniService.exe  
 Trend Micro Titanium TiResumeSrv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Looks OK

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.