
I can't connect Internet after using coombofix


  • This topic is locked
28 replies to this topic

#1 papypupo

papypupo

  • Members
  • 15 posts

Posted 25 September 2012 - 02:22 AM

After using ComboFix, I log off the computer, and it's still OK. But when I shut down and later turn it on, it can't connect to the Internet by cable.
I try to repair, and it says:
"The 'Network Bridge' adapter is experiencing problems.
Windows Help and Support can provide more information about resolving driver or hardware issues"
Click Next, and it says:
"Plug an Ethernet cable into the computer...."
Of course, I do it. Clearly, when I plug the cable into another computer, it's OK. But on my computer, it's not.
I even use System Restore. I choose the "ComboFix create restore point". But it's not changed...
And here is Device Manager:
[Image: Device Manager screenshot]

Thanks in advance
Regards,
papypupo

Edited by papypupo, 25 September 2012 - 03:21 AM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home

Posted 25 September 2012 - 04:19 AM

Hi papypupo,

have you run any other tools besides ComboFix? Could we see the ComboFix log please?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 papypupo

papypupo
  • Topic Starter

  • Members
  • 15 posts

Posted 25 September 2012 - 07:16 AM

Hi myrti,
Yes, but the Internet disappeared after I used only ComboFix.

Combofix

ComboFix 12-09-22.02 - Hoang 09/22/2012 22:22:57.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1153 [GMT 7:00]
Running from: c:\users\Hoang\Desktop\ComboFix.exe
Command switches used :: c:\users\Hoang\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hoang\AppData\Roaming\Microsoft\Windows\Templates\temp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 15:30 . 2012-09-22 15:32 -------- d-----w- c:\users\Hoang\AppData\Local\temp
2012-09-20 06:03 . 2012-09-22 15:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E73F0363-E37F-4AA3-870A-6E047C8F046D}\offreg.dll
2012-09-20 05:06 . 2012-09-20 05:06 -------- d-----w- c:\users\Hoang\AppData\Roaming\Malwarebytes
2012-09-20 05:06 . 2012-09-20 05:06 -------- d-----w- c:\programdata\Malwarebytes
2012-09-20 05:05 . 2012-09-07 10:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 05:05 . 2012-09-20 05:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 01:59 . 2012-09-17 01:59 -------- d-----w- c:\users\Hoang\AppData\Local\Octoshape
2012-09-17 01:23 . 2012-09-19 07:03 -------- d-----w- c:\users\Hoang\AppData\Roaming\SimpleTV V03
2012-09-17 00:46 . 2012-09-17 00:46 -------- d-----w- c:\program files\Kevin Soft
2012-09-12 15:35 . 2012-09-12 15:35 -------- d-----w- c:\users\Hoang\AppData\Roaming\Yahoo!
2012-09-12 14:32 . 2012-09-12 14:32 -------- d-----w- c:\windows\ELAMBKUP
2012-09-12 14:32 . 2012-09-12 14:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-09-12 14:31 . 2012-08-13 11:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-12 13:23 . 2012-09-12 13:23 -------- d-----w- c:\users\Hoang\AppData\Roaming\SuperAdBlocker.com
2012-09-12 13:20 . 2012-09-22 10:45 -------- d-----w- c:\program files\blekkotb_031
2012-09-12 13:20 . 2012-09-12 13:33 -------- d-----w- c:\users\Hoang\AppData\Local\blekkotb_031
2012-09-12 13:20 . 2012-09-12 13:20 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-09-12 11:57 . 2012-09-12 11:57 -------- d-----w- c:\program files\cFosSpeed
2012-09-12 11:57 . 2012-08-09 08:42 1244072 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-09-12 11:23 . 2012-09-12 11:23 -------- d-----w- c:\users\Hoang\AppData\Local\cFos
2012-09-12 11:22 . 2012-09-12 11:22 -------- d-----w- c:\programdata\cFos
2012-09-11 18:41 . 2012-09-11 18:45 -------- d-----w- c:\users\Hoang\AppData\Roaming\Winamp
2012-09-11 18:40 . 2012-09-11 18:52 -------- d-----w- c:\users\Hoang\AppData\Local\Pokki
2012-09-11 18:25 . 2012-09-11 18:25 -------- d-----w- c:\program files\Google
2012-09-11 18:23 . 2012-09-11 18:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-09-11 16:03 . 2012-09-11 16:03 -------- d-----w- c:\program files\Common Files\Java
2012-09-11 16:02 . 2012-09-11 16:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 12:35 . 2012-08-02 00:23 97632 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-08-29 23:41 . 2012-07-23 08:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-29 16:32 . 2012-08-29 16:39 -------- d-----w- c:\programdata\IObit
2012-08-27 20:27 . 2012-08-19 18:53 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E73F0363-E37F-4AA3-870A-6E047C8F046D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:58 . 2012-05-05 06:04 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 16:58 . 2011-06-23 18:31 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 06:20 . 2012-07-25 07:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-18 06:20 . 2012-05-25 12:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-11 16:02 . 2012-07-08 20:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 16:02 . 2011-12-21 16:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-13 09:49 . 2012-08-13 09:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 08:09 . 2012-08-02 08:09 24408 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-11 10:09 . 2012-07-11 10:09 58712 ----a-w- c:\windows\system32\klfphc.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="d:\unikey32\UniKeyNT.exe" [2009-08-31 261632]
"Simple Sticky Notes"="d:\simple sticky notes\ssn.exe" [2011-07-29 1689488]
"DU Meter"="d:\du meter\DUMeter.exe" [2010-07-19 2749984]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"FreeCT"="d:\freecountdowntimer\FreeCountdownTimer.exe" [2011-11-17 1995088]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-09-05 3524032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2012-08-09 1465256]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Hoang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^21018101.exe]
backup=c:\windows\pss\21018101.exe.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Hoang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 00:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 14:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2011-08-17 07:29 4527424 ----a-w- d:\daemon tools pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2010-07-19 04:39 2749984 ----a-w- d:\du meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-11 10:13 136176 ----atw- c:\users\Hoang\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 04:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 13:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobifone Imola ModemListener]
2011-06-20 02:00 102400 ----a-w- d:\3g fast connect\BackgroundService\ModemListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
2002-10-05 06:05 544768 ----a-w- e:\@@job\english\mtd2002\mtdserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 13:56 421888 ----a-w- d:\quicktime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-14 11:07 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-20 16:13 74752 ----a-w- d:\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 16:18 65216 ------w- d:\wordweb\wweb32.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"Google Update"="c:\users\Hoang\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"DU Meter"=d:\du meter\DUMeter.exe
"TypingSatellite"="e:\game\TypingMaster\KBOOST.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
"QuickTime Task"="d:\quicktime\QTTask.exe" -atboottime
"UIExec"="d:\3g\D-com 3G\UIExec.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;d:\super_ad_blocker\SABKUTIL.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleXNt;EagleXNt; [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva349;XDva349; [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DUMeterSvc;DU Meter Service;d:\du meter\DUMeterSvc.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;d:\hotspot shield\bin\hsswd.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Mobifone Imola Modem Device Helper;Mobifone Imola Modem Device Helper;d:\3g fast connect\BackgroundService\ServiceManager.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 UI Assistant Service;UI Assistant Service;d:\3g\D-com 3G\AssistantServices.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 16:58]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412283495-859865559-2459308584-1000Core.job
- c:\users\Hoang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 10:13]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412283495-859865559-2459308584-1000UA.job
- c:\users\Hoang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 10:13]
.
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.google.com/
uStart Page = hxxp://blekko.com/ws/?source={SourceID}&toolbarid=TOOLBARNAMESPACE&u=USERGUID&tbp=homepage
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{22481E8A-EF79-4FC2-8E67-2FFBE82F2285}\36166656023716C6C697: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7783D14F-06E7-46F3-A604-DC4E2FE0BE08}: NameServer = 8.8.8.8,8.8.4.4
DPF: {7FB87A62-C850-4FA8-A82F-A12468FEBC1F} - hxxp://ongame.vn/activeX/OnGameDownLoader.cab
FF - ProfilePath - c:\users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 201.160.1.75
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="d:\du meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3412283495-859865559-2459308584-1000_Classes\CLSID\{0fcccc65-6be5-4f25-981e-1458afe75c28}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3412283495-859865559-2459308584-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a2,88,aa,5c,02,17,a7,53,a9,5b,21,c9,21,67,f1,d1,f1,77,12,cb,4f,
a3,70,b5,5a,0c,17,aa,29,93,e3,f7,09,bd,d6,40,be,d1,12,df,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3412283495-859865559-2459308584-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):dc,3a,9a,98,a8,9d,68,42,9d,90,95,a9,e6,ce,d6,db,10,f0,8f,11,05,
e2,6a,2c,b5,d7,c7,71,de,dc,a0,26,19,68,3c,3e,9a,74,7a,3b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3412283495-859865559-2459308584-1000_Classes\CLSID\{fd675be6-a8aa-41f4-b79d-255f2b1b27f5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000be
"Therad"=dword:00000029
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\cFosSpeed\spd.exe
c:\windows\system32\taskhost.exe
d:\hotspot shield\bin\openvpnas.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\UAService7.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
d:\daemon tools pro\DTShellHlp.exe
.
**************************************************************************
.
Completion time: 2012-09-22 22:37:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 15:37
ComboFix2.txt 2012-09-22 10:48
.
Pre-Run: 21,159,374,848 bytes free
Post-Run: 20,728,045,568 bytes free
.
- - End Of File - - E31C6B7D98D19E1AE851088CA2F1EF66


FSS

Farbar Service Scanner Version: 19-09-2012
Ran by Hoang (administrator) on 23-09-2012 at 12:45:43
Running from "C:\Users\Hoang\Desktop\moi cau"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 06:53] - [2009-07-14 08:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 06:54] - [2009-07-14 08:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 06:23] - [2009-07-14 08:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 06:24] - [2009-07-14 08:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-14 06:30] - [2009-07-14 08:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


OTL

OTL logfile created on: 9/23/2012 3:40:11 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Hoang\Desktop\New folder (2)
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 59.85% Memory free
4.00 Gb Paging File | 2.82 Gb Available in Paging File | 70.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.13 Gb Total Space | 18.87 Gb Free Space | 28.97% Space Free | Partition Type: NTFS
Drive D: | 34.28 Gb Total Space | 9.18 Gb Free Space | 26.77% Space Free | Partition Type: NTFS
Drive E: | 198.68 Gb Total Space | 34.55 Gb Free Space | 17.39% Space Free | Partition Type: NTFS

Computer Name: HOANG-PC | User Name: Hoang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 21:58:26 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Hoang\Desktop\New folder (2)\OTL.exe
PRC - [2012/09/05 21:31:41 | 003,524,032 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/08/09 15:42:18 | 000,442,280 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2012/08/09 15:42:16 | 001,465,256 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2012/05/04 01:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/04/02 00:20:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012/04/02 00:20:44 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2011/11/17 21:48:22 | 001,995,088 | ---- | M] (Comfort Software Group) -- D:\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011/08/17 14:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- D:\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/07/29 12:39:56 | 001,689,488 | ---- | M] (Simnet Ltd) -- D:\Simple Sticky Notes\ssn.exe
PRC - [2011/06/20 09:00:24 | 000,049,752 | ---- | M] () -- D:\3G FAST CONNECT\BackgroundService\ServiceManager.exe
PRC - [2010/07/27 07:00:06 | 000,247,808 | ---- | M] () -- D:\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/07/27 05:41:12 | 000,107,568 | ---- | M] () -- D:\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/07/19 11:39:41 | 002,749,984 | ---- | M] (Hagel Technologies Ltd.) -- D:\DU Meter\DUMeter.exe
PRC - [2010/06/23 09:48:08 | 000,322,608 | ---- | M] () -- D:\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/16 19:39:54 | 000,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe
PRC - [2010/02/10 17:34:50 | 000,247,296 | ---- | M] () -- D:\3G\D-com 3G\AssistantServices.exe
PRC - [2009/11/10 01:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/10/31 12:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/04 16:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) -- D:\DU Meter\DUMeterSvc.exe
PRC - [2009/09/01 02:13:42 | 000,261,632 | ---- | M] () -- D:\unikey32\UniKeyNT.exe
PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/30 18:44:10 | 000,497,024 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009/07/14 08:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 08:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010/07/27 05:41:12 | 000,107,568 | ---- | M] () -- D:\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/07/27 05:40:40 | 000,003,072 | ---- | M] () -- D:\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2009/10/23 11:18:58 | 000,274,432 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100sd.dll
MOD - [2009/10/23 11:18:50 | 002,256,896 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100su.dll
MOD - [2009/10/23 11:18:14 | 000,794,624 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\HP1100GC.DLL
MOD - [2009/09/01 02:13:42 | 000,261,632 | ---- | M] () -- D:\unikey32\UniKeyNT.exe
MOD - [2009/09/01 02:13:38 | 000,244,736 | ---- | M] () -- D:\unikey32\UKHook40.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - [2012/09/21 23:58:48 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/08/09 15:42:18 | 000,442,280 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2012/04/02 00:20:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/04/02 00:20:44 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2011/06/20 09:00:24 | 000,049,752 | ---- | M] () [Auto | Running] -- D:\3G FAST CONNECT\BackgroundService\ServiceManager.exe -- (Mobifone Imola Modem Device Helper)
SRV - [2010/07/27 07:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- D:\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/07/27 05:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- D:\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/06/23 09:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- D:\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/05/05 23:32:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/16 19:39:54 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2010/03/04 17:25:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/25 03:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/10 17:34:50 | 000,247,296 | ---- | M] () [Auto | Running] -- D:\3G\D-com 3G\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/10 01:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/04 16:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- D:\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/07/14 08:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 08:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 08:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Super_Ad_Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | System | Stopped] -- D:\Super_Ad_Blocker\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\connctfy.sys -- (connctfyMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\connctfy.sys -- (connctfy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hoang\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aym0ego1)
DRV - [2012/09/18 13:20:26 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/09/18 13:20:26 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/09/18 13:20:25 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/09 15:42:22 | 001,244,072 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/08/02 07:23:14 | 000,097,632 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2011/11/08 21:43:02 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/06/20 09:00:46 | 000,106,112 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/06/23 09:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/11 16:29:50 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 16:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/10 17:31:22 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/02/10 17:31:22 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/02/10 17:31:22 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/02/10 17:31:22 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/02/10 17:31:22 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/10/26 14:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 08:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 08:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 08:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 06:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 06:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 06:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/02 00:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/13 09:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2005/01/03 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...ID&tbp=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 E3 91 B1 5A 03 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = ${ChromeSearchURLIE}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...h?q={searcerms}
IE - HKCU\..\SearchScopes\{DB260BBA-D3D8-4372-A2A4-D59C08FEE66C}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-extension@shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: thanhhoangxuan@vccorp.vn:0.9.61
FF - prefs.js..extensions.enabledAddons: wcapturex@deskperience.com:5.0.4405
FF - prefs.js..extensions.enabledAddons: feedly@devhd:10.2
FF - prefs.js..extensions.enabledAddons: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.1
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.8
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.26
FF - prefs.js..extensions.enabledAddons: url_advisor@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.716
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-1208198ce6fd}:1.6.17
FF - prefs.js..network.proxy.http: "201.160.1.75"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Zing.vn/ZingChat,version=2.0.0: C:\Program Files\VinaGame\Zing Chat\Bin\npZCFFP.dll ( )
FF - HKLM\Software\MozillaPlugins\@zing.vn/ZingPlay-WebControl-1,version=1.0.1: C:\Program Files\VinaGame\ZingPlay\npWebActivater.dll (VNG Corp.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Hoang\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hoang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hoang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012/09/12 21:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012/09/12 21:33:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012/09/12 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012/09/12 21:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012/09/12 21:32:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Firefox 3.5\components [2012/07/28 09:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Firefox 3.5\plugins [2012/07/10 23:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: D:\WordWeb\WCaptureMoz [2012/04/01 11:01:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hoang\AppData\Roaming\IDM\idmmzcc5 [2012/09/11 22:47:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Firefox 3.5\components [2012/07/28 09:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Firefox 3.5\plugins [2012/07/10 23:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hoang\AppData\Roaming\IDM\idmmzcc5 [2012/09/11 22:47:00 | 000,000,000 | ---D | M]

[2010/02/05 22:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Extensions
[2012/09/18 23:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions
[2012/01/07 20:17:01 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/05/31 12:02:20 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2012/05/19 09:42:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/28 12:08:53 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/09/12 20:20:16 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2010/08/17 13:06:04 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/05/31 12:02:55 | 000,000,000 | ---D | M] (Afterglow) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\afterglow@www.theme-oasis.org
[2012/08/12 22:24:40 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\Foxdie@tanjihay.com
[2012/09/18 23:34:08 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\mozilla_cc@internetdownloadmanager.com
[2012/04/05 16:16:18 | 000,000,000 | ---D | M] (Soha Tra tu Plugin) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\thanhhoangxuan@vccorp.vn
[2012/05/31 12:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\afterglow@www.theme-oasis.org\chrome\afterglow\mozapps\extensions
[2012/06/06 22:33:30 | 000,183,536 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\afterglow_options@www.theme-oasis.org.xpi
[2012/03/31 21:46:50 | 003,250,933 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\AustralisRedesigned@pes.addons.mozilla.org.xpi
[2012/06/27 11:51:28 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\feedly@devhd.xpi
[2011/11/23 11:45:52 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\firefox-extension@shareaholic.com.xpi
[2012/05/12 12:40:24 | 001,487,960 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}.xpi
[2012/06/16 14:19:47 | 000,615,298 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{624bab10-c637-11dd-ad8b-0800200c9a66}.xpi
[2012/07/28 08:41:34 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2011/06/20 13:24:58 | 000,167,626 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi
[2012/07/11 13:36:09 | 000,032,829 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
[2012/07/28 08:41:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/27 00:08:00 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
[2010/01/01 02:00:00 | 000,001,884 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\afterglow@www.theme-oasis.org\chrome\afterglow\mozapps\xpinstall\xpinstallConfirm.css
[2010/01/01 02:00:00 | 000,001,302 | ---- | M] () (No name found) -- C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\extensions\afterglow@www.theme-oasis.org\chrome\afterglow\mozapps\xpinstall\xpinstallItemGeneric.png
[2012/09/12 21:32:20 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012/09/12 21:33:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012/04/01 11:01:47 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- D:\WORDWEB\WCAPTUREMOZ

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hoang\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hoang\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hoang\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Cooliris (Enabled) = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.3.48771_0\lib/cooliris.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Firefox 3.5\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Firefox 3.5\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = D:\Firefox 3.5\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = D:\Firefox 3.5\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Firefox 3.5\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = D:\Firefox 3.5\plugins\npwachk.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Firefox Plugin for Zing Chat (Enabled) = C:\Program Files\VinaGame\Zing Chat\Bin\npZCFFP.dll
CHR - plugin: ZingPlay WebActivater (Enabled) = C:\Program Files\VinaGame\ZingPlay\npWebActivater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hoang\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: YouTube = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Zoho Show = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiicmodaknllfjlmeempmdcnoljgbpmi\1.2_0\
CHR - Extension: AdBlock = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Cut the Rope = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\
CHR - Extension: Safe Money = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Feedly News Reader App = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\10.10.453_0\
CHR - Extension: Virtual Keyboard = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Speed Dial 2 = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1_0\
CHR - Extension: SparkChess = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.2.0.1_0\
CHR - Extension: Downloaders = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Quick Note = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.1_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Better History = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.8.2_0\
CHR - Extension: Google Reader = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
CHR - Extension: Gmail = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012/09/22 22:32:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - E:\@@Job\english\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DU Meter] D:\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [FreeCT] D:\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Simple Sticky Notes] D:\Simple Sticky Notes\ssn.exe (Simnet Ltd)
O4 - HKCU..\Run: [UniKey] D:\unikey32\UniKeyNT.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7FB87A62-C850-4FA8-A82F-A12468FEBC1F} http://ongame.vn/act...eDownLoader.cab (OnGameDownloader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22481E8A-EF79-4FC2-8E67-2FFBE82F2285}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7783D14F-06E7-46F3-A604-DC4E2FE0BE08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7783D14F-06E7-46F3-A604-DC4E2FE0BE08}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{795F7E3D-A0C9-4E84-9527-49A871CA2550}: DhcpNameServer = 10.25.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BA9D2B2-2679-4BF0-A001-F2CD48D5604A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 12:32:05 | 000,000,000 | ---D | C] -- C:\Users\Hoang\Desktop\moi cau
[2012/09/23 09:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 23:15:56 | 000,000,000 | ---D | C] -- C:\Users\Hoang\Desktop\New folder (2)
[2012/09/22 22:32:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/22 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Local\temp
[2012/09/22 17:34:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/22 17:34:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/22 17:34:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/22 17:34:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/22 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/22 17:29:48 | 004,754,913 | R--- | C] (Swearware) -- C:\Users\Hoang\Desktop\ComboFix.exe
[2012/09/20 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\Malwarebytes
[2012/09/20 12:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/19 22:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocaboly
[2012/09/19 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\Hoang\Desktop\TAICHINH
[2012/09/19 18:35:17 | 000,000,000 | ---D | C] -- C:\Users\Hoang\Desktop\DODUNGCLASS
[2012/09/17 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Local\Octoshape
[2012/09/17 08:59:27 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Octoshape Streaming Services
[2012/09/17 08:23:49 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\SimpleTV V03
[2012/09/17 08:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleTV
[2012/09/17 07:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kevin Soft
[2012/09/16 11:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PES.VN Patch 2012
[2012/09/12 22:35:03 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\Yahoo!
[2012/09/12 21:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/09/12 21:32:33 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/09/12 21:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/09/12 21:31:42 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/09/12 21:31:42 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2012/09/12 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\SuperAdBlocker.com
[2012/09/12 20:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_031
[2012/09/12 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Local\blekkotb_031
[2012/09/12 20:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/09/12 18:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2012/09/12 18:57:00 | 001,244,072 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2012/09/12 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2012/09/12 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Local\cFos
[2012/09/12 18:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012/09/12 01:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/09/12 01:41:06 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\Winamp
[2012/09/12 01:40:05 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Local\Pokki
[2012/09/12 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/09/12 01:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/09/12 01:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/09/12 01:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/09/11 23:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/11 23:03:29 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/11 23:02:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/11 23:02:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/11 23:02:47 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/11 22:41:54 | 000,000,000 | ---D | C] -- C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/11 22:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/11 22:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/09/05 19:35:02 | 000,097,632 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/08/30 06:41:31 | 000,022,400 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe

========== Files - Modified Within 30 Days ==========

[2012/09/23 15:40:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412283495-859865559-2459308584-1000UA.job
[2012/09/23 15:39:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 12:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 12:38:45 | 1610,035,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 10:00:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412283495-859865559-2459308584-1000Core.job
[2012/09/22 22:32:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/22 18:41:45 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 18:41:45 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 17:29:49 | 004,754,913 | R--- | M] (Swearware) -- C:\Users\Hoang\Desktop\ComboFix.exe
[2012/09/22 00:55:27 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/22 00:55:27 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/21 23:58:41 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 23:58:41 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 12:37:53 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2012/09/20 11:51:41 | 003,268,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/18 13:20:26 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012/09/18 13:20:26 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012/09/18 13:20:25 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/09/17 07:46:56 | 000,001,857 | ---- | M] () -- C:\Users\Hoang\Application Data\Microsoft\Internet Explorer\Quick Launch\Kevin TVOnline.lnk
[2012/09/17 07:46:56 | 000,001,833 | ---- | M] () -- C:\Users\Hoang\Desktop\Kevin TVOnline.lnk
[2012/09/17 00:09:08 | 000,000,953 | ---- | M] () -- C:\Users\Hoang\Desktop\pes2012.exe - Shortcut.lnk
[2012/09/11 23:02:10 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/11 23:02:10 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/11 23:02:10 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/11 23:02:10 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/11 23:02:10 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/11 23:02:10 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

========== Files Created - No Company Name ==========

[2012/09/22 17:34:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/22 17:34:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/22 17:34:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/22 17:34:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/22 17:34:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/20 12:37:53 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2012/09/17 07:46:56 | 000,001,857 | ---- | C] () -- C:\Users\Hoang\Application Data\Microsoft\Internet Explorer\Quick Launch\Kevin TVOnline.lnk
[2012/09/17 07:46:56 | 000,001,833 | ---- | C] () -- C:\Users\Hoang\Desktop\Kevin TVOnline.lnk
[2012/09/17 00:09:08 | 000,000,953 | ---- | C] () -- C:\Users\Hoang\Desktop\pes2012.exe - Shortcut.lnk
[2012/07/24 09:45:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/07/24 09:45:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/07/24 09:41:24 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/07/18 08:49:24 | 000,000,045 | RH-- | C] () -- C:\Windows\pjd_user.dat
[2012/04/01 11:01:50 | 002,213,120 | ---- | C] () -- C:\Windows\wweb32.dll
[2011/11/08 23:16:42 | 000,004,107 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2011/04/27 13:52:15 | 000,098,304 | ---- | C] ( ) -- C:\Windows\XPva03.dll
[2011/04/10 00:46:23 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011/04/10 00:46:23 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011/04/10 00:46:22 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011/04/10 00:46:22 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011/04/10 00:46:22 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011/04/10 00:46:22 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/10/16 14:46:41 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010/10/16 14:46:41 | 000,004,151 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/04 11:30:26 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/02/06 12:57:10 | 000,000,162 | ---- | C] () -- C:\Users\Hoang\AppData\Roaming\default.rss
[2010/02/06 12:21:49 | 000,078,848 | ---- | C] () -- C:\Users\Hoang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/04/24 10:04:44 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\base\l
[2011/04/24 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\base\n
[2011/04/24 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\base\u
[2011/04/24 10:06:00 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\updates\l
[2011/04/24 10:06:01 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\updates\n
[2011/04/24 10:06:03 | 000,000,000 | ---D | M] -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\ado\updates\u
[2010/06/14 21:06:20 | 006,092,032 | ---- | M] () -- C:\Users\Hoang\Desktop\Hoc TDG\Ky6\New folder\Danh\Stata 11\Stata11\utilities\u.pdf
[2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Files - Unicode (All) ==========
[2011/11/01 14:04:26 | 000,200,704 | ---- | M] ()(C:\Users\Hoang\Documents\KE HOACH DIEU TRA DON TO CÁO C?A NGUYEN TH? C?NH.doc) -- C:\Users\Hoang\Documents\KE HOACH DIEU TRA DON TO CÁO CỦA NGUYEN THỊ CẢNH.doc
[2011/10/31 17:26:49 | 000,200,704 | ---- | C] ()(C:\Users\Hoang\Documents\KE HOACH DIEU TRA DON TO CÁO C?A NGUYEN TH? C?NH.doc) -- C:\Users\Hoang\Documents\KE HOACH DIEU TRA DON TO CÁO CỦA NGUYEN THỊ CẢNH.doc

< End of report >


Regards,
papypupo

Edited by papypupo, 25 September 2012 - 07:26 AM.
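Reading an OTL log like the one above by hand is error-prone, so here is an added example (my own code, not part of this thread and not OTL's own tooling) that parses the O4 autorun and O17 DNS lines and flags the two things a helper checks first: a static NameServer that overrides the DHCP-assigned resolver, and Run entries with no company name. The sample input is a constructed subset of the lines from the log above; the regular expressions are my reading of OTL's line format, not a published specification.

```python
import re

# Constructed sample input: O4 (Run keys) and O17 (DNS settings) lines copied
# from the OTL log posted earlier in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [UniKey] D:\unikey32\UniKeyNT.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7783D14F-06E7-46F3-A604-DC4E2FE0BE08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7783D14F-06E7-46F3-A604-DC4E2FE0BE08}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{795F7E3D-A0C9-4E84-9527-49A871CA2550}: DhcpNameServer = 10.25.8.1
"""

# O4 line: "O4 - <hive>..\<key>: [<name>] <path> (<company>)". The path group is
# greedy so a directory such as "Program Files (x86)" does not end it early;
# the company is the last parenthesised token on the line (assumed format).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*) \((?P<company>[^()]*)\)$"
)
# O17 line: "O17 - <registry key>: <value name> = <data>" (assumed format)
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<value>\w+) = (?P<data>.*)$")
IFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")


def parse_otl(text):
    """Return {'run': [autorun dicts], 'dns': {scope: {value name: data}}}.

    scope is the interface GUID for per-interface entries and 'global' for
    the Tcpip\\Parameters key itself.
    """
    run, dns = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            run.append(m.groupdict())
            continue
        m = O17_RE.match(line)
        if m:
            iface = IFACE_RE.search(m.group("key"))
            scope = iface.group(1) if iface else "global"
            dns.setdefault(scope, {})[m.group("value")] = m.group("data")
    return {"run": run, "dns": dns}


def dns_findings(parsed):
    """Flag interfaces whose static NameServer differs from what DHCP handed out.

    A static override is not malicious by itself (in this log it points at
    Google's public resolvers), but it is the first value to verify when
    looking for DNS hijacking, because DNS-changing malware writes exactly it.
    """
    findings = []
    for scope, values in parsed["dns"].items():
        static = values.get("NameServer")
        if not static:
            continue
        dhcp = values.get("DhcpNameServer")
        if static != dhcp:
            findings.append(
                f"{scope}: static NameServer {static} overrides DHCP "
                f"{dhcp or '<none>'}; verify it is intended"
            )
    return findings


def run_findings(parsed):
    """Flag Run entries with no company/version info, which OTL prints as '()'."""
    return [
        f"{e['hive']}\\{e['key']}: [{e['name']}] {e['path']} has no company "
        f"name; check the file's signature and origin"
        for e in parsed["run"]
        if not e["company"].strip()
    ]


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_OTL)
    for finding in dns_findings(parsed) + run_findings(parsed):
        print(finding)
```

Run against the sample, it reports the static 8.8.8.8,8.8.4.4 entry on interface {7783D14F-...} and the UniKey entry that has no company name; neither is a verdict, only the items to look at first.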


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:45 AM

Posted 25 September 2012 - 08:01 AM

Hi,

Ok, so let's try this: Please do a restore of the backup CF made:

Please go to

C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

Right-click on it and select Run as Admin. Then click OK; this should restore the backed-up registry hives.

Restart the PC and see if you're able to connect now.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 papypupo

papypupo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:45 AM

Posted 25 September 2012 - 08:46 AM

Hello myrti,
It has many errors when I run it :huh: (file attached)
Error SOFTWARE, SYSTEM,... :(
I click continue many times, and then I restart; the result is I still can't connect. :mellow:

Regards,
papypupo.




#6 myrti


Posted 25 September 2012 - 09:38 AM

Hi,

could you please right-click and select "Run as Administrator" instead?

regards myrti



#7 papypupo


Posted 25 September 2012 - 10:14 AM

Hi,
Yes, of course...
Could I try again?
Regards.

Edited by papypupo, 25 September 2012 - 10:14 AM.


#8 papypupo


Posted 25 September 2012 - 11:27 AM

Hi myrti.
Oh sorry, maybe I didn't do it like you said.
It's OK. I can access the Internet, but I have been infected by partner37.mydomainadvisor.com. A lot of pages fail to load, load oddly, or present with a partner37.mydomainadviser.com page. I'm using Chrome.
Could you help me?
Many thanks.
Regards,
papypupo

Edited by papypupo, 25 September 2012 - 11:31 AM.


#9 myrti


Posted 25 September 2012 - 03:27 PM

Hi papypupo,

has the internet always worked, or is it now working after you ran ERDNT successfully?

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
regards myrti



#10 papypupo


Posted 25 September 2012 - 08:03 PM

Hi myrti,
As I said, I forgot to right-click and select "Run as Administrator". :D
I tried again and now I can access the Internet after reboot.

Here is the log file:

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 08:03:15
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Hoang - HOANG-PC
# Boot Mode : Normal
# Running from : C:\Users\Hoang\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKU\S-1-5-21-3412283495-859865559-2459308584-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-3412283495-859865559-2459308584-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source={SourceID}&toolbarid=TOOLBARNAMESPACE&u=USERGUID&tbp=homepage
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

-\\ Mozilla Firefox v4.0.1 (en-US)

Profile name : default
File : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Hoang\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3875 octets] - [26/09/2012 08:03:15]

########## EOF - C:\AdwCleaner[R1].txt - [3935 octets] ##########

Regards,
papypupo

Edited by papypupo, 25 September 2012 - 08:04 PM.
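As an added example (my own code, not from this thread and not from AdwCleaner), the following script summarizes an AdwCleaner log like the one above: it groups each Found/Deleted item under its section header, pulls out CLSIDs registered as Browser Helper Objects, and re-fangs the hxxp:// URLs that the tool defangs in the browser section so the hijacked homepage and search hosts can be listed. The sample log is a constructed subset of the lines above; the line patterns are my reading of this log's format, not a published specification.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the AdwCleaner [Search] log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v2.003 - Logfile created 09/26/2012 at 08:03:15
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source={SourceID}&toolbarid=TOOLBARNAMESPACE&u=USERGUID&tbp=homepage
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

-\\ Google Chrome v21.0.1180.89

[OK] File is clean.
"""

# "***** [Section name] *****"
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# "<Kind> Found : <target>", "<Kind> Deleted : <target>" or "Deleted on reboot : <target>"
ITEM_RE = re.compile(
    r"^(?:(?P<kind>Folder|File|Key|Value|Service) )?"
    r"(?P<action>Found|Deleted|Deleted on reboot) : (?P<target>.+)$"
)
# "[<registry key - value>] = <url>", optionally prefixed "Replaced : " and
# followed by "--> <replacement>" in the [Delete] log
BROWSER_RE = re.compile(
    r"^(?:Replaced : )?\[(?P<setting>[^\]]+)\] = (?P<url>\S+)"
    r"(?: --> (?P<replacement>\S+))?$"
)
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})$")


def refang(url):
    """Turn the defanged hxxp:// or hxxps:// scheme back into a parsable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_adwcleaner(text):
    """Return {'sections': {name: [items]}, 'browser': [setting dicts]}."""
    sections, browser, current = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "kind": m.group("kind") or "Path",   # "Deleted on reboot" lines carry no kind
                "action": m.group("action"),
                "target": m.group("target"),
            })
            continue
        m = BROWSER_RE.match(line)
        if m:
            url = refang(m.group("url"))
            replacement = m.group("replacement")
            browser.append({
                "setting": m.group("setting"),
                "url": url,
                "host": urlparse(url).hostname or "",
                "replacement": refang(replacement) if replacement else None,
            })
    return {"sections": sections, "browser": browser}


def counts(parsed):
    """Number of items per section, skipping sections with no findings."""
    return {name: len(items) for name, items in parsed["sections"].items() if items}


def hijacked_hosts(parsed):
    """Hosts the homepage/search settings were pointed at (sorted, de-duplicated)."""
    return sorted({b["host"] for b in parsed["browser"] if b["host"]})


def bho_clsids(parsed):
    """CLSIDs registered as Browser Helper Objects, an in-process IE persistence point."""
    found = []
    for item in parsed["sections"].get("Registry", []):
        m = BHO_RE.search(item["target"])
        if m:
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    print(counts(parsed))
    print("BHOs:", bho_clsids(parsed))
    print("browser settings pointed at:", hijacked_hosts(parsed))
```

The re-fanging step matters because the defanged scheme is there to stop accidental clicks in a forum post, not to be fed to a URL parser; undoing it only inside the script keeps the posted log safe to read while still letting the hosts be extracted and compared against what the user expects to see.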


#11 myrti


Posted 26 September 2012 - 08:01 AM

Hi,

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Could you please also upload the following files:
C:\Windows\System32\config\system.BAK
C:\WINDOWS\ERDNT\Hiv-backup\System

They may help us in understanding what went wrong.

As those are rather large files, you won't be able to attach them here. Please zip them and click the following link and submit the files through the interface: http://www.bleepingcomputer.com/submit-malware.php?channel=100&lm=1


regards myrti



#12 papypupo


Posted 26 September 2012 - 09:13 AM

Hi myrti,
1. I uploaded the following files:
C:\Windows\System32\config\system.BAK
C:\WINDOWS\ERDNT\Hiv-backup\System
to: http://www.bleepingcomputer.com/submit-malware.php?channel=100&lm=1
and it says "Your file was successfully submitted. Please let the user helping you know that you have submitted the file."
I don't know the direct link to these files I uploaded. Where can I get them? Can you see them?
I wonder if I can install the game Pes2013 while fixing this issue :d?

AdwCleaner

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 20:43:24
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Hoang - HOANG-PC
# Boot Mode : Normal
# Running from : C:\Users\Hoang\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source={SourceID}&toolbarid=TOOLBARNAMESPACE&u=USERGUID&tbp=homepage --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v4.0.1 (en-US)

Profile name : default
File : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\prefs.js

C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\z6xxy90m.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Hoang\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4004 octets] - [26/09/2012 08:03:15]
AdwCleaner[S1].txt - [4136 octets] - [26/09/2012 20:43:24]

########## EOF - C:\AdwCleaner[S1].txt - [4196 octets] ##########


Regards,
papypupo

#13 myrti


Posted 26 September 2012 - 09:25 AM

Hi papypupo,

how is your PC doing now? If it is still having problems, I would prefer you don't install new programs unless absolutely necessary, as it will complicate the cleaning.

regards myrti



#14 papypupo


Posted 26 September 2012 - 09:42 AM

Hi myrti,
I open pages in Chrome and the address partner37... is not presented anymore. Now it's OK, right?
Thank you very much.
Regards,
papypupo

#15 myrti


Posted 26 September 2012 - 10:04 AM

Hi,

please run DDS to see what is left on the PC:
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Would you be willing to run ComboFix once more, so we can see if ComboFix caused the internet problem or not? If it happens again, you will be able to restore it the same way as before.

regards myrti





