Userinit.exe Trojan


  • This topic is locked
19 replies to this topic

#1 phongvu99


Posted 16 August 2014 - 03:58 AM

ComboFix Log:

ComboFix 14-08-15.01 - phuong 08/16/2014  15:17:29.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.467 [GMT 7:00]
Running from: c:\documents and settings\phuong\My Documents\EGDownloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\USBSecurity\svighost.dll
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\Explorermgr.exe
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-15 15:11 . 2014-07-02 03:35 98736 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2014-08-15 15:11 . 2014-08-15 15:11 -------- d-----w- c:\documents and settings\phuong\Application Data\EagleGet
2014-08-15 15:11 . 2014-08-15 15:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 09:08 . 2014-08-15 09:08 -------- d-----w- c:\documents and settings\phuong\Application Data\ioloGovernor
2014-08-15 09:05 . 2014-08-15 09:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\iolo
2014-08-15 08:50 . 2014-08-15 08:50 86016 ----a-w- c:\windows\system32\taskmgrmgr.exe
2014-08-15 08:50 . 2014-08-15 08:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\iolo
2014-08-15 08:30 . 2014-08-15 14:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 08:30 . 2014-08-15 09:31 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-08-15 08:15 . 2014-08-15 08:15 -------- d-----w- c:\documents and settings\phuong\Application Data\DownloadNinja
2014-08-15 08:08 . 2014-08-15 08:08 -------- d-----w- c:\program files\Microsoft.NET
2014-08-15 07:49 . 2013-07-06 14:07 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2014-08-15 07:37 . 2014-08-15 09:46 -------- d-----w- c:\program files\WeFi
2014-08-15 07:16 . 2014-08-15 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2014-08-12 08:58 . 2014-08-12 08:58 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AOL
2014-08-12 08:58 . 2014-08-13 08:21 -------- d-----w- c:\documents and settings\phuong\Application Data\AOL
2014-08-12 08:56 . 2014-07-02 09:23 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2014-08-12 08:54 . 2014-08-12 08:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 08:54 . 2014-08-13 08:24 -------- d-----w- c:\documents and settings\phuong\Local Settings\Application Data\AOL
2014-08-12 08:53 . 2014-08-13 08:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2014-08-12 08:42 . 2014-08-12 08:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2014-08-12 06:14 . 2014-08-12 06:17 -------- d-----w- c:\windows\$regcmp$
2014-08-12 05:11 . 2014-08-12 05:11 -------- d-----w- c:\program files\Registry Clean Expert
2014-08-10 11:07 . 2014-08-10 11:07 -------- d-----w- c:\documents and settings\phuong\Application Data\Softplicity
2014-08-03 11:23 . 2014-08-13 09:51 -------- d-----w- c:\documents and settings\phuong\Application Data\webnavi
2014-08-03 11:23 . 2014-08-04 09:05 -------- d-----w- c:\documents and settings\phuong\Application Data\NhacCuaTui
2014-08-03 09:58 . 2014-08-03 09:58 -------- d-----w- c:\documents and settings\phuong\Local Settings\Application Data\Opera Software
2014-08-03 09:58 . 2014-08-03 09:58 -------- d-----w- c:\documents and settings\phuong\Application Data\Opera Software
2014-08-03 06:28 . 2014-08-03 06:28 -------- d-----w- c:\program files\qorucngp
2014-08-03 06:02 . 2014-08-15 07:15 -------- d-----w- c:\program files\Your Uninstaller! 7
2014-08-03 06:02 . 2014-08-03 06:02 -------- d-----w- c:\documents and settings\phuong\Application Data\URSoft
2014-08-03 05:59 . 2014-08-03 05:59 -------- d-----w- c:\documents and settings\phuong\Local Settings\Application Data\Babylon
2014-08-03 05:58 . 2014-08-03 05:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Babylon
2014-08-03 05:58 . 2014-08-03 05:58 -------- d-----w- c:\documents and settings\phuong\Application Data\Babylon
2014-07-25 07:10 . 2014-07-25 07:10 9888840 ----a-w- c:\windows\system32\RsCRIcon.dll
2014-07-25 07:10 . 2014-07-25 07:10 214232 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-07-24 14:17 . 2014-07-24 14:17 -------- d-----w- c:\documents and settings\phuong\Application Data\dll-files.com
2014-07-24 14:17 . 2014-07-24 14:19 -------- d-----w- c:\program files\Dll-Files.com Fixer
2014-07-22 11:05 . 2014-07-22 11:05 -------- d-----w- c:\documents and settings\phuong\LocalLow
2014-07-22 08:42 . 2014-07-22 08:42 -------- d-----w- c:\documents and settings\phuong\AppData
2014-07-22 08:39 . 2013-11-19 09:52 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-07-22 08:39 . 2014-03-10 11:17 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll20140722153939.dll
2014-07-22 08:33 . 2014-02-17 06:41 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-07-22 07:55 . 2014-07-22 07:55 -------- d-----w- c:\documents and settings\phuong\Application Data\ProductData
2014-07-22 07:54 . 2014-08-09 12:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ProductData
2014-07-22 07:54 . 2014-07-22 07:54 -------- d-----w- c:\documents and settings\Administrator.HOME-52318F0178\Application Data\Apple Computer
2014-07-22 07:54 . 2014-07-22 07:54 -------- d-----w- c:\documents and settings\Administrator.HOME-52318F0178\AppData
2014-07-22 07:53 . 2014-07-22 07:53 -------- d-----w- c:\documents and settings\Administrator.HOME-52318F0178\Application Data\EagleGet
2014-07-22 07:53 . 2014-07-22 07:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-22 07:53 . 2014-07-24 14:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2014-07-22 07:53 . 2014-08-16 07:27 -------- d-----w- c:\program files\IObit
2014-07-22 07:52 . 2014-07-22 07:54 -------- d-----w- c:\documents and settings\Administrator.HOME-52318F0178\Application Data\IObit
2014-07-22 07:52 . 2014-07-22 07:52 -------- d-sh--w- c:\documents and settings\Administrator.HOME-52318F0178\IETldCache
2014-07-22 07:51 . 2014-07-24 14:28 -------- d-----w- c:\documents and settings\phuong\Application Data\IObit
2014-07-22 05:06 . 2014-07-22 05:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\GreenBay App
2014-07-22 05:05 . 2014-07-22 05:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallMate
2014-07-22 04:28 . 2014-07-22 04:28 -------- d-----w- c:\documents and settings\phuong\Local Settings\Application Data\Avg2014
2014-07-19 11:12 . 2014-07-19 11:12 -------- d-----w- c:\documents and settings\phuong\Application Data\Zbshareware Lab
2014-07-19 11:12 . 2014-07-19 11:12 -------- d-----w- c:\documents and settings\phuong\Local Settings\Application Data\Google
2014-07-19 11:12 . 2014-07-19 11:12 -------- d-----w- c:\program files\USB Disk Security
2014-07-19 10:58 . 2014-07-19 11:00 -------- d-----w- c:\documents and settings\phuong\Application Data\Systweak
2014-07-19 08:14 . 2014-07-19 08:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\handyCafe
2014-07-19 08:13 . 2014-07-19 08:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Turbo Internet
2014-07-19 06:11 . 2014-07-19 06:12 -------- d-----w- c:\documents and settings\phuong\Application Data\BitTorrent
2014-07-19 04:23 . 2014-07-19 04:23 -------- d-sh--w- c:\documents and settings\phuong\PrivacIE
2014-07-19 04:23 . 2014-07-19 04:23 -------- d-sh--w- c:\documents and settings\phuong\IECompatCache
2014-07-19 04:00 . 2014-07-19 04:00 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2014-07-19 04:00 . 2014-07-19 04:00 -------- d-sh--w- c:\documents and settings\phuong\IETldCache
2014-07-19 03:54 . 2014-07-19 03:56 -------- dc-h--w- c:\windows\ie8
2014-07-19 03:50 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2014-07-18 15:00 . 2014-07-20 14:59 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-07-18 11:20 . 2014-07-19 06:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PassMark
2014-07-18 10:49 . 2008-11-07 11:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 07:05 . 2013-09-29 07:11 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2014-07-25 07:05 . 2013-09-29 07:11 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2014-07-25 07:05 . 2013-09-29 07:11 359016 ----a-w- c:\windows\vncutil.exe
2014-07-25 07:05 . 2013-09-29 07:11 9721960 ----a-w- c:\windows\RTLCPL.EXE
2014-07-25 07:05 . 2013-09-29 07:11 1523416 ----a-w- c:\windows\RtlUpd.exe
2014-07-25 07:05 . 2013-09-29 07:11 5630168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2014-07-25 07:05 . 2013-09-29 07:11 87256 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2014-07-25 07:05 . 2013-09-29 07:11 129640 ----a-w- c:\windows\RtkAudioService.exe
2014-07-25 07:05 . 2013-09-29 07:11 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2014-07-25 07:05 . 2013-09-29 07:11 2180712 ----a-w- c:\windows\MicCal.exe
2014-07-25 07:05 . 2013-09-29 07:11 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2014-07-25 07:05 . 2013-09-29 07:11 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-07-25 07:05 . 2013-09-29 07:11 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2014-07-25 07:05 . 2013-09-29 07:11 64104 ----a-w- c:\windows\ALCMTR.EXE
2014-07-25 07:05 . 2013-09-29 07:11 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2014-07-22 13:37 . 2013-10-08 13:27 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 13:37 . 2013-10-08 13:27 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 09:17 . 2014-07-02 09:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-07-01 09:15 . 2014-07-01 09:15 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-01 09:15 . 2014-07-01 09:15 144896 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-01 09:15 . 2014-07-01 09:15 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-07-01 09:15 . 2014-07-01 09:15 788896 ----a-w- c:\windows\system32\deployJava1.dll
2014-07-01 08:56 . 2014-07-01 08:56 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-30 14:45 . 2013-09-29 05:33 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-30 03:41 . 2014-06-30 03:41 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-06-30 03:41 . 2014-06-30 03:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-06-30 03:41 . 2014-06-30 03:41 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-06-26 09:08 . 2014-06-26 09:08 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-06-26 03:57 . 2014-06-26 03:57 212064 ----a-w- c:\windows\system32\drivers\89238141.sys
2014-06-09 08:40 . 2014-06-18 08:47 121440 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-06-30 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2014-06-30 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-06-18 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-22 07:54 752960 ------w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2014-07-22 752960]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ------w- f:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EagleGet"="f:\program files\EagleGet\Eagleget.exe" [2014-08-11 1785344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-14 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-14 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-12-14 96792]
"RTHDCPL"="RTHDCPL.EXE" [2014-07-25 20145368]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 106400]
.
c:\documents and settings\phuong\Favorites\Start Menu\Programs\Startup\
yujhmqpg.exe [2014-8-15 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\qorucngp\yujhmqpg.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-12-02 23:31 65536 ----a-r- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2014-06-25 13:25 3837520 ------w- f:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 18:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Security]
2013-05-29 04:35 670920 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2013-03-10 17:08 88984 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RDReminder"=c:\program files\Dll-Files.com Fixer\DLLFixer.exe -rem
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\phuong\\Application Data\\uTorrent\\uTorrent.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/29/2013 2:30 PM 14248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 eagleGet;eagleGet;c:\windows\system32\drivers\eagleGet.sys [8/15/2014 10:11 PM 98736]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/18/2014 3:47 PM 121440]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [7/22/2014 2:53 PM 881952]
R2 egGetSvc;egGetSvc;f:\program files\EagleGet\EGMonitor.exe [8/15/2014 10:11 PM 228352]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/1/2013 8:48 AM 36600]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [9/29/2013 2:59 PM 583360]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [6/24/2014 10:50 PM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [6/24/2014 10:50 PM 269760]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/25/2014 2:10 PM 214232]
S2 LiveUpdateSvc;LiveUpdate; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/29/2013 2:11 PM 1691480]
S3 MBAMSwissArmy;MBAMSwissArmy; [x]
S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [6/24/2014 10:50 PM 148056]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/3/2010 4:21 PM 120152]
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 13:37]
.
2014-08-13 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2014-07-24 05:27]
.
2014-08-09 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2014-07-24 05:27]
.
2014-08-16 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2014-07-24 07:40]
.
2014-08-16 c:\windows\Tasks\Opera scheduled Autoupdate 1407059878.job
- f:\program files\Opera\launcher.exe [2014-08-03 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/ncr
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
IE: Download all links with EagleGet - f:\program files\EagleGet\IEGraberBHO.dll/202
IE: Download all links with IDM - f:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with EagleGet - f:\program files\EagleGet\IEGraberBHO.dll/201
IE: Download with IDM - f:\program files\Internet Download Manager\IEExt.htm
IE: Turbo Internet: Bookmark this page
IE: Turbo Internet: Download this link
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1EAEE60C-31FD-4053-BF5F-7C5E00C381E1}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{83EE534A-004E-4974-A8A4-F09D6DC31477}: NameServer = 208.67.222.222,208.67.220.220,192.168.10.1
FF - ProfilePath - c:\documents and settings\phuong\Application Data\Mozilla\Firefox\Profiles\ml943y2c.default\
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-56081081.sys
MSConfigStartUp-FileHippo - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-16 15:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2014-08-16  15:35:29
ComboFix-quarantined-files.txt  2014-08-16 08:35
ComboFix2.txt  2014-06-25 11:05
.
Pre-Run: 3,920,379,904 bytes free
Post-Run: 4,205,350,912 bytes free
.
- - End Of File - - 21C1F641850E5C9FBDD0E5CBD917522A
8F558EB6672622401DA993E1E865C861

What this virus does:
Slows the Explorer.exe startup; it took about 1 min after Windows boot for Explorer to appear.
The My Documents folder opens automatically.
I have tried using ComboFix but no luck.
I checked regedit and at the Userinit registry key I found that the value has been changed to:
C:\WINDOWS\system32\userinit.exe,C:\Program Files\qorucngp\yujhmqpg.exe
I tried changing it back to the default but it did not work; I deleted the yujhmqpg.exe file but it came back.
Please help!

Edited by hamluis, 16 August 2014 - 07:38 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.
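The Userinit entry quoted in the post above is a generic Winlogon persistence pattern: at logon Windows launches every comma-separated program listed in that value, and the stock value already ends with a comma, so appending ",C:\path\prog.exe" produces the double comma seen in the ComboFix "Reg Loading Points" output. The check below is an added example for readers of this thread; it is not part of the original post, of ComboFix, or of any other tool mentioned here. It parses a Userinit value (or the "Userinit"= line from a ComboFix winlogon block) and returns every entry other than the expected userinit.exe. The system root C:\WINDOWS is an assumption taken from the log; pass a different one for other installs.

```python
"""Flag extra programs in a Winlogon 'Userinit' value (added example, not from the thread)."""
from __future__ import annotations

import ntpath
import re

# Assumption: system root as shown in the ComboFix log in this thread (Windows XP).
DEFAULT_SYSTEM_ROOT = r"C:\WINDOWS"

# ComboFix prints the value as  "Userinit"="<value>"  without REGEDIT4 backslash doubling.
_USERINIT_LINE = re.compile(r'^"Userinit"="(?P<value>.*)"\s*$', re.IGNORECASE | re.MULTILINE)


def parse_userinit(value: str) -> list[str]:
    """Split the comma-separated Userinit value into program entries.

    The stock value ends with a comma ('...\\userinit.exe,'), so an appended
    ',C:\\path\\prog.exe' leaves an empty entry between two commas; empty
    entries name no program and are dropped here.
    """
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def expected_userinit(system_root: str = DEFAULT_SYSTEM_ROOT) -> str:
    """Full path of the legitimate logon helper under the given system root."""
    return ntpath.join(system_root, "system32", "userinit.exe")


def check_userinit(value: str, system_root: str = DEFAULT_SYSTEM_ROOT) -> list[str]:
    """Return every entry that is not the expected userinit.exe.

    The comparison is case-insensitive and path-normalised, so
    'c:\\windows\\...' and 'C:\\WINDOWS\\...' both count as the default.
    A bare 'userinit.exe' with no directory is deliberately flagged: the stock
    value is an absolute path, and a relative name could resolve elsewhere.
    """
    want = ntpath.normpath(expected_userinit(system_root)).lower()
    return [entry for entry in parse_userinit(value)
            if ntpath.normpath(entry).lower() != want]


def check_combofix_winlogon(log_text: str, system_root: str = DEFAULT_SYSTEM_ROOT) -> list[str]:
    """Find the "Userinit"= line in a ComboFix 'Reg Loading Points' section and check it.

    ComboFix omits legitimate default entries, so a missing line means the
    value was stock and there is nothing to report.
    """
    match = _USERINIT_LINE.search(log_text)
    if match is None:
        return []
    return check_userinit(match.group("value"), system_root)


if __name__ == "__main__":
    # Constructed excerpt mirroring the winlogon block in the ComboFix log above.
    SAMPLE_COMBOFIX = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\qorucngp\yujhmqpg.exe"
'''
    for extra in check_combofix_winlogon(SAMPLE_COMBOFIX):
        print("unexpected Userinit entry:", extra)
```

Run against the sample, the script reports the single appended program; run against a stock value such as C:\WINDOWS\system32\userinit.exe, it reports nothing. The check only tells you what will be launched at logon; whether the listed file is malicious still has to be established by examining the file itself.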



#2 fireman4it (Malware Response Team)

Posted 16 August 2014 - 10:27 AM

Hello phongvu99,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 phongvu99 (Topic Starter)

Posted 17 August 2014 - 02:53 AM

Thanks for the answer, here is the AdwCleaner report that you requested:

# AdwCleaner v3.306 - Report created 17/08/2014 at 14:49:11
# Updated 15/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : phuong - HOME-52318F0178
# Running from : C:\Documents and Settings\phuong\My Documents\EGDownloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Uniblue
Folder Deleted : C:\Documents and Settings\phuong\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\phuong\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\phuong\Application Data\kuaiyong
Folder Deleted : C:\Documents and Settings\phuong\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\phuong\Application Data\WebNavi
Folder Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\kuaiyong
File Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\searchplugins\speedbit.xml
File Deleted : C:\Documents and Settings\phuong\Application Data\Mozilla\Firefox\Profiles\ml943y2c.default\user.js
File Deleted : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Viewpoint
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Documents and Settings\phuong\Application Data\Mozilla\Firefox\Profiles\ml943y2c.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Vu Tuan Phuong\Application Data\Mozilla\Firefox\Profiles\g82937k7.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "d838880d0000000000000021638cf1a2");
Line Deleted : user_pref("extensions.delta.instlDay", "15958");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.613:10:58");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=080913_nch&tsp=5001");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R2].txt - [5148 octets] - [17/08/2014 14:45:54]
AdwCleaner[S2].txt - [5091 octets] - [17/08/2014 14:49:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5151 octets] ##########


#4 phongvu99 (Topic Starter)

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA

Posted 17 August 2014 - 03:09 AM

FRST Report:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by Administrator (administrator) on HOME-52318F0178 on 17-08-2014 14:55:00
Running from C:\Documents and Settings\phuong\My Documents\EGDownloads
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE
() F:\Program Files\EagleGet\EGMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\qorucngp\yujhmqpg.exe
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\S-1-5-21-1229272821-507921405-1801674531-1003\...\Run: [EagleGet] => F:\Program Files\EagleGet\Eagleget.exe [1785344 2014-08-11] (EagleGet.com)
HKU\S-1-5-21-1229272821-507921405-1801674531-500\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-1229272821-507921405-1801674531-500\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> F:\Program Files\EagleGet\eagleSniffer.dll (EagleGet.com)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1EAEE60C-31FD-4053-BF5F-7C5E00C381E1}: [NameServer]208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{83EE534A-004E-4974-A8A4-F09D6DC31477}: [NameServer]208.67.222.222,208.67.220.220,192.168.10.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-06-18]
CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Documents and Settings\phuong\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-07-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 egGetSvc; F:\Program Files\EagleGet\EGMonitor.exe [228352 2014-08-11] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [164276 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-01] (Oracle Corporation)
S3 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1609728 2008-08-22] (Broadcom Corporation) [File not signed]
S3 AOL ACS; No ImagePath
S2 LiveUpdateSvc; No ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-07-25] (Creative)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-08-22] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [98736 2014-07-02] (eagleGet)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R0 EMSC; C:\WINDOWS\System32\DRIVERS\EMSC.SYS [14248 2008-11-04] (Windows ® Codename Longhorn DDK provider)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [121440 2014-06-09] (Tonec Inc.)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [583360 2009-12-03] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-07-25] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OA004Afx; C:\WINDOWS\system32\Drivers\OA004Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA004Ufd; C:\WINDOWS\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\WINDOWS\System32\DRIVERS\OA004Vid.sys [269760 2008-07-18] (Creative Technology Ltd.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-06-26] (Duplex Secure Ltd.)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2014-06-30] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2013-03-11] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\phuong\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 14:54 - 2014-08-17 14:55 - 00000000 ____D () C:\FRST
2014-08-17 14:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-16 18:36 - 2014-05-24 04:07 - 01102945 _____ () C:\Documents and Settings\phuong\Desktop\SkaiaCraft_Launcher.jar
2014-08-16 17:56 - 2014-08-16 20:37 - 00000000 ____D () C:\WINDOWS\UXBackup
2014-08-16 17:55 - 2014-08-16 20:36 - 00000000 ____D () C:\Program Files\UX Pack
2014-08-16 17:55 - 2007-02-17 06:03 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\icacls.exe
2014-08-16 17:55 - 2006-12-03 17:15 - 00069632 _____ () C:\WINDOWS\system32\moveex.exe
2014-08-16 17:55 - 2003-03-25 01:47 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\takeown.exe
2014-08-16 17:49 - 2014-08-16 17:49 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\Explorermgr.exe
2014-08-16 17:45 - 2004-08-04 08:07 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2014-08-16 17:25 - 2014-08-16 17:24 - 00010459 _____ () C:\ijjnsipjr9poarfl1jdg
2014-08-16 17:24 - 2014-08-16 17:31 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\8683
2014-08-16 17:15 - 2014-08-16 18:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 17:15 - 2014-08-16 18:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 17:15 - 2014-08-16 17:15 - 00000996 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D.lnk
2014-08-16 17:15 - 2014-08-16 17:15 - 00000964 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D .lnk
2014-08-16 17:15 - 2011-09-18 18:12 - 00045816 _____ () C:\WINDOWS\DESKFLAG.SCR
2014-08-16 15:35 - 2014-08-17 14:59 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-17 14:56 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00022186 _____ () C:\ComboFix.txt
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-15 22:11 - 2014-08-15 22:11 - 00045184 _____ () C:\Documents and Settings\phuong\My Documents\eagleget_cext@eagleget.com.crx
2014-08-15 22:11 - 2014-08-15 22:11 - 00000576 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\EagleGet.lnk
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-07-02 10:35 - 00098736 _____ (eagleGet) C:\WINDOWS\system32\Drivers\eagleGet.sys
2014-08-15 16:09 - 2014-08-15 16:09 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-08-15 16:09 - 2014-08-15 16:09 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-08-15 16:08 - 2014-08-15 16:08 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ioloGovernor
2014-08-15 16:05 - 2014-08-15 16:05 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2014-08-15 16:01 - 2014-08-15 16:08 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-08-15 16:01 - 2014-08-15 16:08 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-08-15 15:50 - 2014-08-15 15:50 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\system32\taskmgrmgr.exe
2014-08-15 15:50 - 2014-08-15 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 17:20 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-08-15 15:30 - 2014-08-15 16:31 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DownloadNinja
2014-08-15 15:11 - 2014-08-15 16:51 - 00003776 _____ () C:\WINDOWS\setupapi.log
2014-08-15 15:08 - 2014-08-15 15:08 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-15 14:49 - 2014-08-17 14:49 - 00000274 _____ () C:\WINDOWS\wiadebug.log
2014-08-15 14:49 - 2014-08-17 14:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-15 14:49 - 2014-08-15 14:49 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-15 14:49 - 2013-07-06 21:07 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
2014-08-15 14:38 - 2014-08-15 14:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:38 - 00000457 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WeFi.lnk
2014-08-15 14:37 - 2014-08-15 16:46 - 00000000 ____D () C:\Program Files\WeFi
2014-08-13 20:50 - 2014-08-15 16:40 - 00016173 _____ () C:\Documents and Settings\phuong\My Documents\Paidverts autofiller script.user.js
2014-08-13 17:01 - 2014-08-13 17:01 - 02537695 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher3.swf
2014-08-13 16:54 - 2014-08-13 16:54 - 03506226 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher4.swf
2014-08-13 16:49 - 2014-08-13 16:50 - 05499736 _____ () C:\Documents and Settings\phuong\My Documents\andylaw.swf
2014-08-13 15:21 - 2014-08-13 15:21 - 00000002 _____ () C:\WINDOWS\msoffice.ini
2014-08-13 15:21 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Desktop\AOL Saved PFC
2014-08-12 16:11 - 2014-08-14 16:05 - 00000515 _____ () C:\Documents and Settings\phuong\Desktop\TEST.txt
2014-08-12 15:58 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\AOL
2014-08-12 15:58 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AOL
2014-08-12 15:57 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:57 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:56 - 2014-07-02 16:23 - 00058696 _____ (AOL Inc.) C:\WINDOWS\system32\AOLParconLink.exe
2014-08-12 15:54 - 2014-08-13 15:24 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\AOL
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:53 - 2014-08-13 15:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-12 15:53 - 2014-08-13 15:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-12 15:51 - 2014-08-12 15:58 - 00030862 _____ () C:\install.log
2014-08-12 15:42 - 2014-08-12 15:57 - 00002680 ____H () C:\IPH.PH
2014-08-12 15:42 - 2014-08-12 15:42 - 00000335 _____ () C:\WINDOWS\nsreg.dat
2014-08-12 13:14 - 2014-08-12 13:17 - 00000000 ____D () C:\WINDOWS\$regcmp$
2014-08-12 12:11 - 2014-08-12 12:11 - 00000695 _____ () C:\Documents and Settings\phuong\Desktop\Free Registry Defrag.lnk
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Program Files\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-10 18:07 - 2014-08-10 18:07 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Softplicity
2014-08-10 18:06 - 2014-08-10 18:06 - 00000649 _____ () C:\Documents and Settings\phuong\Desktop\Total Audio Converter.lnk
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 17:51 - 2014-08-10 17:51 - 00004879 _____ () C:\Documents and Settings\phuong\My Documents\3C62C9E0594609540B5DBE2CF8FD006F3222AEF0.torrent
2014-08-09 19:49 - 2014-08-09 19:49 - 00000008 _____ () C:\Documents and Settings\phuong\My Documents\Wifi.txt
2014-08-04 16:26 - 2014-08-10 20:33 - 00000180 _____ () C:\Documents and Settings\phuong\Desktop\UTA.ini
2014-08-04 16:26 - 2006-10-06 14:36 - 00834048 ____N () C:\Documents and Settings\phuong\Desktop\UTA.exe
2014-08-03 18:23 - 2014-08-04 16:05 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00001606 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NhacCuaTui.lnk
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 16:58 - 2014-08-17 14:51 - 00000408 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1407059878.job
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Opera Software
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Opera Software
2014-08-03 13:28 - 2014-08-16 15:43 - 00000000 ____D () C:\Program Files\qorucngp
2014-08-03 13:03 - 2014-08-16 18:14 - 00000222 _____ () C:\Documents and Settings\phuong\Desktop\YUKEY.txt
2014-08-03 13:03 - 2014-08-03 13:03 - 00000747 _____ () C:\Documents and Settings\phuong\Desktop\Your Uninstaller!.lnk
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-15 14:15 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-03 13:02 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\URSoft
2014-07-25 14:10 - 2014-07-25 14:10 - 09888840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RsCRIcon.dll
2014-07-25 14:10 - 2014-07-25 14:10 - 00214232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2014-07-24 21:28 - 2014-07-24 21:28 - 00000823 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Booster.lnk
2014-07-24 21:28 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Booster
2014-07-24 21:28 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Booster
2014-07-24 21:20 - 2014-08-16 21:20 - 00000282 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2014-07-24 21:20 - 2014-08-13 21:23 - 00000266 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-07-24 21:17 - 2014-07-24 21:19 - 00000000 ____D () C:\Program Files\Dll-Files.com Fixer
2014-07-24 21:17 - 2014-07-24 21:17 - 00000763 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Dll-Files Fixer.lnk
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\dll-files.com
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dll-Files Fixer
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dll-Files Fixer
2014-07-22 21:11 - 2014-08-12 11:49 - 17436672 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2014-07-22 21:11 - 2014-08-12 11:49 - 00258048 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2014-07-22 21:11 - 2014-08-12 11:49 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-22 21:11 - 2014-08-12 11:49 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-22 20:10 - 2011-11-02 18:22 - 05793440 _____ (Adobe Systems, Inc.) C:\Documents and Settings\phuong\Desktop\FlashPlayer 10 Standalone.exe
2014-07-22 15:39 - 2014-08-17 14:49 - 00030738 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-22 15:39 - 2014-03-10 18:17 - 00109856 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll20140722153939.dll
2014-07-22 15:39 - 2013-11-19 16:52 - 00031008 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-07-22 15:38 - 2014-07-22 15:38 - 00000000 ____D () C:\WINDOWS\Tasks\TaskDisabled
2014-07-22 15:33 - 2014-02-17 13:41 - 00023872 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2014-07-22 15:08 - 2014-08-15 16:07 - 15958016 _____ () C:\WINDOWS\system32\config\software.iobit
2014-07-22 15:08 - 2014-08-15 16:07 - 00258048 _____ () C:\WINDOWS\system32\config\default.iobit
2014-07-22 15:08 - 2014-08-15 16:07 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-07-22 15:08 - 2014-08-15 16:07 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-07-22 14:55 - 2014-07-22 14:55 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ProductData
2014-07-22 14:54 - 2014-08-16 20:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-07-22 14:54 - 2014-08-16 20:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-07-22 14:54 - 2014-07-22 14:54 - 00000881 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Uninstaller.lnk
2014-07-22 14:54 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\Apple Computer
2014-07-22 14:53 - 2014-08-16 14:27 - 00000000 ____D () C:\Program Files\IObit
2014-07-22 14:53 - 2014-08-15 13:46 - 00001846 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 7.lnk
2014-07-22 14:53 - 2014-08-03 12:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 7
2014-07-22 14:53 - 2014-08-03 12:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 7
2014-07-22 14:53 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2014-07-22 14:53 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\EagleGet
2014-07-22 14:52 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\IObit
2014-07-22 14:52 - 2014-07-22 14:52 - 00000000 __SHD () C:\Documents and Settings\Administrator.HOME-52318F0178\IETldCache
2014-07-22 14:51 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\IObit
2014-07-22 12:06 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\GreenBay App
2014-07-22 12:06 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\GreenBay App
2014-07-22 12:05 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
2014-07-22 12:05 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
2014-07-22 11:28 - 2014-07-22 11:28 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Avg2014
2014-07-19 23:07 - 2014-07-19 23:07 - 00000020 _____ () C:\Documents and Settings\phuong\My Documents\Result.txt
2014-07-19 19:18 - 2014-07-19 19:18 - 00000000 ____H () C:\WINDOWS\system32\config\system.sav.LOG
2014-07-19 19:18 - 2014-07-19 19:18 - 00000000 ____H () C:\WINDOWS\system32\config\software.sav.LOG
2014-07-19 19:17 - 2014-07-19 19:17 - 00000000 ____H () C:\WINDOWS\system32\config\SECURITY.sav.LOG
2014-07-19 19:17 - 2014-07-19 19:17 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.sav.LOG
2014-07-19 18:12 - 2014-07-19 18:12 - 00000745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\USB Disk Security.lnk
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Program Files\USB Disk Security
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Google
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Zbshareware Lab
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\USB Disk Security
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\USB Disk Security
2014-07-19 15:14 - 2014-07-19 15:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\handyCafe
2014-07-19 15:13 - 2014-07-19 15:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Turbo Internet
2014-07-19 13:11 - 2014-07-19 13:12 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\BitTorrent
2014-07-19 11:23 - 2014-07-19 11:23 - 00000000 __SHD () C:\Documents and Settings\phuong\PrivacIE
2014-07-19 11:23 - 2014-07-19 11:23 - 00000000 __SHD () C:\Documents and Settings\phuong\IECompatCache
2014-07-19 11:00 - 2014-07-19 11:00 - 00000000 __SHD () C:\Documents and Settings\phuong\IETldCache
2014-07-19 11:00 - 2014-07-19 11:00 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2014-07-19 10:57 - 2014-07-19 10:59 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-07-19 10:54 - 2014-07-19 10:56 - 00000000 __HDC () C:\WINDOWS\ie8
2014-07-19 10:50 - 2014-07-19 10:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB932823-v3$
2014-07-19 10:50 - 2008-02-26 18:59 - 00294912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msctf.dll
2014-07-18 22:00 - 2014-07-20 21:59 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-07-18 18:20 - 2014-07-19 13:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\PassMark
2014-07-18 18:20 - 2014-07-19 13:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\PassMark
2014-07-18 17:49 - 2014-07-18 17:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-07-18 17:49 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 14:59 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\temp
2014-08-17 14:56 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Local Settings\temp
2014-08-17 14:56 - 2013-09-29 12:57 - 00444492 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-17 14:55 - 2014-08-17 14:54 - 00000000 ____D () C:\FRST
2014-08-17 14:55 - 2014-06-27 21:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-17 14:51 - 2014-08-03 16:58 - 00000408 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1407059878.job
2014-08-17 14:50 - 2013-09-29 13:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 14:49 - 2014-08-15 14:49 - 00000274 _____ () C:\WINDOWS\wiadebug.log
2014-08-17 14:49 - 2014-08-15 14:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-17 14:49 - 2014-07-22 15:39 - 00030738 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-17 14:49 - 2013-09-30 17:21 - 00000000 ____D () C:\AdwCleaner
2014-08-17 14:49 - 2013-09-29 19:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2014-08-17 14:49 - 2013-09-29 13:07 - 00000178 ___SH () C:\Documents and Settings\phuong\ntuser.ini
2014-08-16 22:29 - 2013-10-03 21:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\uTorrent
2014-08-16 21:20 - 2014-07-24 21:20 - 00000282 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2014-08-16 20:39 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-08-16 20:39 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-08-16 20:37 - 2014-08-16 17:56 - 00000000 ____D () C:\WINDOWS\UXBackup
2014-08-16 20:37 - 2013-09-06 16:18 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-16 20:37 - 2013-09-06 16:18 - 00000000 ____D () C:\Program Files\Outlook Express
2014-08-16 20:36 - 2014-08-16 17:55 - 00000000 ____D () C:\Program Files\UX Pack
2014-08-16 20:35 - 2013-09-06 20:44 - 00000000 ____D () C:\WINDOWS\Media
2014-08-16 19:21 - 2013-09-06 17:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-16 18:56 - 2014-08-16 17:15 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 18:56 - 2014-08-16 17:15 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 18:45 - 2014-07-01 16:16 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\.minecraft
2014-08-16 18:35 - 2014-06-26 10:34 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Media Player Classic
2014-08-16 18:14 - 2014-08-03 13:03 - 00000222 _____ () C:\Documents and Settings\phuong\Desktop\YUKEY.txt
2014-08-16 18:11 - 2013-09-29 13:41 - 00069360 _____ () C:\Documents and Settings\phuong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-16 18:09 - 2013-09-29 19:43 - 00236760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-16 17:55 - 2013-09-06 20:44 - 00000000 ____D () C:\WINDOWS\Cursors
2014-08-16 17:49 - 2014-08-16 17:49 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\Explorermgr.exe
2014-08-16 17:45 - 2013-09-29 12:33 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-08-16 17:36 - 2014-06-25 20:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2014-08-16 17:36 - 2014-06-25 20:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2014-08-16 17:31 - 2014-08-16 17:24 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\8683
2014-08-16 17:24 - 2014-08-16 17:25 - 00010459 _____ () C:\ijjnsipjr9poarfl1jdg
2014-08-16 17:15 - 2014-08-16 17:15 - 00000996 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D.lnk
2014-08-16 17:15 - 2014-08-16 17:15 - 00000964 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D .lnk
2014-08-16 15:43 - 2014-08-03 13:28 - 00000000 ____D () C:\Program Files\qorucngp
2014-08-16 15:35 - 2014-08-16 15:35 - 00022186 _____ () C:\ComboFix.txt
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-16 15:35 - 2013-09-30 17:54 - 00000000 ____D () C:\Qoobox
2014-08-16 15:32 - 2013-09-29 12:33 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-16 15:30 - 2013-10-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSecurity
2014-08-16 15:30 - 2013-10-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSecurity
2014-08-16 14:35 - 2014-06-24 22:19 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DMCache
2014-08-16 14:27 - 2014-07-22 14:53 - 00000000 ____D () C:\Program Files\IObit
2014-08-15 22:11 - 2014-08-15 22:11 - 00045184 _____ () C:\Documents and Settings\phuong\My Documents\eagleget_cext@eagleget.com.crx
2014-08-15 22:11 - 2014-08-15 22:11 - 00000576 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\EagleGet.lnk
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-07-07 14:21 - 00000000 ____D () C:\Program Files\Common Files\EagleGet
2014-08-15 21:56 - 2014-08-15 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 21:56 - 2014-08-15 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 17:20 - 2014-08-15 15:30 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-08-15 16:51 - 2014-08-15 15:11 - 00003776 _____ () C:\WINDOWS\setupapi.log
2014-08-15 16:46 - 2014-08-15 14:37 - 00000000 ____D () C:\Program Files\WeFi
2014-08-15 16:40 - 2014-08-13 20:50 - 00016173 _____ () C:\Documents and Settings\phuong\My Documents\Paidverts autofiller script.user.js
2014-08-15 16:31 - 2014-08-15 15:30 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-08-15 16:09 - 2014-08-15 16:09 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-08-15 16:09 - 2014-08-15 16:09 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-08-15 16:09 - 2013-09-06 17:26 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-15 16:08 - 2014-08-15 16:08 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ioloGovernor
2014-08-15 16:08 - 2014-08-15 16:01 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-08-15 16:08 - 2014-08-15 16:01 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-08-15 16:07 - 2014-07-22 15:08 - 15958016 _____ () C:\WINDOWS\system32\config\software.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00258048 _____ () C:\WINDOWS\system32\config\default.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-08-15 16:07 - 2013-09-29 13:07 - 00000000 ____D () C:\Documents and Settings\phuong
2014-08-15 16:07 - 2013-09-29 13:06 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-08-15 16:07 - 2013-09-29 13:05 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-08-15 16:05 - 2014-08-15 16:05 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:50 - 2014-08-15 15:50 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\system32\taskmgrmgr.exe
2014-08-15 15:50 - 2014-08-15 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:20 - 2014-06-24 22:19 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\IDM
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DownloadNinja
2014-08-15 15:10 - 2013-09-29 19:45 - 00511728 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-15 15:08 - 2014-08-15 15:08 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-15 14:49 - 2014-08-15 14:49 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-15 14:39 - 2014-08-15 14:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:39 - 2014-08-15 14:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:38 - 00000457 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WeFi.lnk
2014-08-15 14:18 - 2013-09-29 12:33 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-15 14:16 - 2014-06-25 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178
2014-08-15 14:16 - 2013-09-06 16:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-15 14:15 - 2014-08-03 13:02 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2014-08-15 14:06 - 2013-09-29 13:06 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2014-08-15 13:46 - 2014-07-22 14:53 - 00001846 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 7.lnk
2014-08-14 16:05 - 2014-08-12 16:11 - 00000515 _____ () C:\Documents and Settings\phuong\Desktop\TEST.txt
2014-08-13 21:23 - 2014-07-24 21:20 - 00000266 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-08-13 17:01 - 2014-08-13 17:01 - 02537695 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher3.swf
2014-08-13 16:54 - 2014-08-13 16:54 - 03506226 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher4.swf
2014-08-13 16:50 - 2014-08-13 16:49 - 05499736 _____ () C:\Documents and Settings\phuong\My Documents\andylaw.swf
2014-08-13 15:24 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\AOL
2014-08-13 15:22 - 2014-08-12 15:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-13 15:22 - 2014-08-12 15:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-13 15:21 - 2014-08-13 15:21 - 00000002 _____ () C:\WINDOWS\msoffice.ini
2014-08-13 15:21 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Desktop\AOL Saved PFC
2014-08-13 15:21 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\AOL
2014-08-13 15:21 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-13 15:21 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:58 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AOL
2014-08-12 15:58 - 2014-08-12 15:51 - 00030862 _____ () C:\install.log
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:42 - 00002680 ____H () C:\IPH.PH
2014-08-12 15:57 - 2013-09-29 13:00 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:42 - 2014-08-12 15:42 - 00000335 _____ () C:\WINDOWS\nsreg.dat
2014-08-12 15:42 - 2014-06-23 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Mozilla
2014-08-12 13:17 - 2014-08-12 13:14 - 00000000 ____D () C:\WINDOWS\$regcmp$
2014-08-12 12:11 - 2014-08-12 12:11 - 00000695 _____ () C:\Documents and Settings\phuong\Desktop\Free Registry Defrag.lnk
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Program Files\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 11:49 - 2014-07-22 21:11 - 17436672 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00258048 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-08-12 11:29 - 2013-09-13 20:43 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-10 20:33 - 2014-08-04 16:26 - 00000180 _____ () C:\Documents and Settings\phuong\Desktop\UTA.ini
2014-08-10 18:07 - 2014-08-10 18:07 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Softplicity
2014-08-10 18:06 - 2014-08-10 18:06 - 00000649 _____ () C:\Documents and Settings\phuong\Desktop\Total Audio Converter.lnk
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 17:51 - 2014-08-10 17:51 - 00004879 _____ () C:\Documents and Settings\phuong\My Documents\3C62C9E0594609540B5DBE2CF8FD006F3222AEF0.torrent
2014-08-09 19:49 - 2014-08-09 19:49 - 00000008 _____ () C:\Documents and Settings\phuong\My Documents\Wifi.txt
2014-08-04 16:05 - 2014-08-03 18:23 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00001606 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NhacCuaTui.lnk
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Opera Software
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Opera Software
2014-08-03 13:03 - 2014-08-03 13:03 - 00000747 _____ () C:\Documents and Settings\phuong\Desktop\Your Uninstaller!.lnk
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-03 13:02 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\URSoft
2014-08-03 12:43 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 7
2014-08-03 12:43 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 7
2014-08-03 10:27 - 2013-09-29 13:06 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2014-07-25 14:10 - 2014-07-25 14:10 - 09888840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RsCRIcon.dll
2014-07-25 14:10 - 2014-07-25 14:10 - 00214232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2014-07-25 14:06 - 2013-09-06 21:16 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-07-25 14:05 - 2013-09-29 14:11 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 05630168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 01691480 _____ (Creative) C:\WINDOWS\system32\Drivers\Ambfilt.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 01395800 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\Monfilt.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2014-07-25 14:05 - 2013-09-29 14:11 - 00359016 _____ (Realtek Semiconductor Crop.) C:\WINDOWS\vncutil.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2014-07-25 14:05 - 2013-09-29 14:11 - 00129640 _____ (Realtek Semiconductor) C:\WINDOWS\RtkAudioService.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 00087256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstIIXP.dll
2014-07-25 14:05 - 2013-09-29 14:11 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-07-24 21:28 - 2014-07-24 21:28 - 00000823 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Booster.lnk
2014-07-24 21:28 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Booster
2014-07-24 21:28 - 2014-07-24 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Booster
2014-07-24 21:28 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2014-07-24 21:28 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2014-07-24 21:28 - 2014-07-22 14:51 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\IObit
2014-07-24 21:23 - 2013-10-01 18:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Orbit
2014-07-24 21:23 - 2013-09-06 23:14 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Application Data\Orbit
2014-07-24 21:19 - 2014-07-24 21:17 - 00000000 ____D () C:\Program Files\Dll-Files.com Fixer
2014-07-24 21:17 - 2014-07-24 21:17 - 00000763 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Dll-Files Fixer.lnk
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\dll-files.com
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dll-Files Fixer
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dll-Files Fixer
2014-07-24 21:06 - 2013-09-06 23:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-24 21:01 - 2013-09-30 23:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2014-07-24 21:01 - 2013-09-30 23:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2014-07-24 21:00 - 2013-09-30 23:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2014-07-24 21:00 - 2013-09-30 23:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2014-07-24 21:00 - 2013-09-30 23:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-24 21:00 - 2013-09-30 23:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-24 20:58 - 2013-09-06 23:20 - 00000000 ____D () C:\Program Files\iPod
2014-07-24 20:48 - 2013-09-30 23:31 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Apple Computer
2014-07-22 21:11 - 2013-10-01 19:05 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-07-22 21:05 - 2014-06-25 16:57 - 00000178 ___SH () C:\Documents and Settings\Administrator.HOME-52318F0178\ntuser.ini
2014-07-22 20:37 - 2013-10-08 20:27 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-22 20:37 - 2013-10-08 20:27 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-22 16:21 - 2013-09-15 20:08 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Start Menu\Programs\RadioSure
2014-07-22 15:38 - 2014-07-22 15:38 - 00000000 ____D () C:\WINDOWS\Tasks\TaskDisabled
2014-07-22 14:55 - 2014-07-22 14:55 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ProductData
2014-07-22 14:54 - 2014-07-22 14:54 - 00000881 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Uninstaller.lnk
2014-07-22 14:54 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\Apple Computer
2014-07-22 14:54 - 2014-07-22 14:52 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\IObit
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-22 14:53 - 2014-07-22 14:53 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Application Data\EagleGet
2014-07-22 14:52 - 2014-07-22 14:52 - 00000000 __SHD () C:\Documents and Settings\Administrator.HOME-52318F0178\IETldCache
2014-07-22 12:06 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\GreenBay App
2014-07-22 12:06 - 2014-07-22 12:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\GreenBay App
2014-07-22 12:06 - 2014-07-22 12:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
2014-07-22 12:06 - 2014-07-22 12:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
2014-07-22 11:39 - 2013-10-01 19:04 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\TuneUp Software
2014-07-22 11:39 - 2013-10-01 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2014-07-22 11:39 - 2013-10-01 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2014-07-22 11:28 - 2014-07-22 11:28 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Avg2014
2014-07-20 21:59 - 2014-07-18 22:00 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-07-19 23:07 - 2014-07-19 23:07 - 00000020 _____ () C:\Documents and Settings\phuong\My Documents\Result.txt
2014-07-19 21:30 - 2013-09-30 17:55 - 00000000 ____D () C:\Documents and Settings\phuong\My Documents\AVCOLLECTION
2014-07-19 19:19 - 2014-07-02 19:16 - 00002512 _____ () C:\WINDOWS\system32\ASOROSet.bin
2014-07-19 19:19 - 2013-09-29 19:43 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-07-19 19:19 - 2013-09-29 19:42 - 17301504 _____ () C:\WINDOWS\system32\config\software.bak
2014-07-19 19:19 - 2013-09-29 19:42 - 09699328 _____ () C:\WINDOWS\system32\config\system.bak
2014-07-19 19:18 - 2014-07-19 19:18 - 00000000 ____H () C:\WINDOWS\system32\config\system.sav.LOG
2014-07-19 19:18 - 2014-07-19 19:18 - 00000000 ____H () C:\WINDOWS\system32\config\software.sav.LOG
2014-07-19 19:17 - 2014-07-19 19:17 - 00000000 ____H () C:\WINDOWS\system32\config\SECURITY.sav.LOG
2014-07-19 19:17 - 2014-07-19 19:17 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.sav.LOG
2014-07-19 19:16 - 2013-09-29 19:43 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-07-19 18:57 - 2013-09-29 13:24 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Maxthon3
2014-07-19 18:12 - 2014-07-19 18:12 - 00000745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\USB Disk Security.lnk
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Program Files\USB Disk Security
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Google
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Zbshareware Lab
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\USB Disk Security
2014-07-19 18:12 - 2014-07-19 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\USB Disk Security
2014-07-19 15:14 - 2014-07-19 15:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\handyCafe
2014-07-19 15:13 - 2014-07-19 15:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Turbo Internet
2014-07-19 13:16 - 2014-06-24 22:04 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Deployment
2014-07-19 13:12 - 2014-07-19 13:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\BitTorrent
2014-07-19 13:08 - 2014-07-18 18:20 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\PassMark
2014-07-19 13:08 - 2014-07-18 18:20 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\PassMark
2014-07-19 11:23 - 2014-07-19 11:23 - 00000000 __SHD () C:\Documents and Settings\phuong\PrivacIE
2014-07-19 11:23 - 2014-07-19 11:23 - 00000000 __SHD () C:\Documents and Settings\phuong\IECompatCache
2014-07-19 11:00 - 2014-07-19 11:00 - 00000000 __SHD () C:\Documents and Settings\phuong\IETldCache
2014-07-19 11:00 - 2014-07-19 11:00 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2014-07-19 11:00 - 2013-09-06 20:44 - 00000000 ____D () C:\WINDOWS\Help
2014-07-19 10:59 - 2014-07-19 10:57 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-07-19 10:56 - 2014-07-19 10:54 - 00000000 __HDC () C:\WINDOWS\ie8
2014-07-19 10:50 - 2014-07-19 10:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB932823-v3$
2014-07-19 10:50 - 2013-09-06 17:50 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-07-18 17:49 - 2014-07-18 17:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-07-18 17:49 - 2013-09-25 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-07-18 17:16 - 2014-07-01 13:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Blueberry
2014-07-18 17:16 - 2014-07-01 13:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Blueberry
 
Some content of TEMP:
====================
C:\Documents and Settings\phuong\Local Settings\temp\6_Offer_5.exe
C:\Documents and Settings\phuong\Local Settings\temp\ins.exe
C:\Documents and Settings\phuong\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#5 phongvu99

  • Topic Starter

Posted 17 August 2014 - 03:10 AM

Addition.txt Report:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Administrator at 2014-08-17 15:00:56
Running from C:\Documents and Settings\phuong\My Documents\EGDownloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Animated Wallpaper - Desktop Flag 3D (HKLM\...\Desktop Flag 3D_is1) (Version: 1.46 - PUSH Entertainment)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
BitLord 2.3 (HKLM\...\BitLord) (Version: 2.3.2-255 - House of Life)
Broadcom Wireless Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Dll-Files Fixer (HKLM\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.4 - IObit)
EagleGet version 2.0.1.1 (HKLM\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.1.1 - EagleGet)
EMSC (Version: 0.0.0.19C - Compal Electronics, Inc.) Hidden
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Free Registry Defrag (HKLM\...\Free Registry Defrag_is1) (Version:  - iExpert Software)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Integrated Webcam Driver (1.00.03.0720)   (HKLM\...\Creative OA004) (Version:  - )
Intel® Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
K-Lite Mega Codec Pack 10.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NhacCuaTui (HKLM\...\{6C777D26-005B-41CE-9020-E84B85D5126E}) (Version: 1.1.0.0 - NCT Corporation)
Opera Stable 23.0.1522.75 (HKLM\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TotalAudioConverter (HKLM\...\Total Audio Converter_is1) (Version: 5.1 - Softplicity, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WeFi 4.0.1.0 (HKLM\...\WeFi) (Version: 4.0.1.0 - WeFi Inc.)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1229272821-507921405-1801674531-1003_Classes\CLSID\{99D4B3B8-8C89-4C95-86D6-1D4C9CB4FC21}\localserver32 -> F:\Program Files\NhacCuaTui\1.1.0.0\NhacCuaTuiUpdater.exe (NCT Corporation)
CustomCLSID: HKU\S-1-5-21-1229272821-507921405-1801674531-1003_Classes\CLSID\{9E48AA01-91CF-45AD-A905-84E5BC497277}\localserver32 -> F:\Program Files\NhacCuaTui\1.1.0.0\NhacCuaTuiUpdater.exe (NCT Corporation)
CustomCLSID: HKU\S-1-5-21-1229272821-507921405-1801674531-1003_Classes\CLSID\{f187eee3-04f9-50db-80d7-ee84e932d7d3}\InprocServer32 -> F:\Program Files\EagleGet\npEagleget.dll (www.eagleget.com)
 
==================== Restore Points  =========================
 
12-08-2014 08:57:32 Installed Windows Media Format 9 Series Runtime Setup
13-08-2014 08:15:10 Before uninstalling bacdau
13-08-2014 08:16:57 Before uninstalling FileHippo.com Update Checker
13-08-2014 08:18:56 Before uninstalling AOL Uninstaller (Choose which Products to Remove)
15-08-2014 07:12:49 Restore Operation
15-08-2014 07:13:20 Restore Operation
16-08-2014 10:26:50 Before uninstalling Bulk Rename Utility 2.7.1.2
16-08-2014 10:31:26 Before uninstalling Software Version Updater
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-09-29 12:30 - 2014-08-16 15:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1407059878.job => F:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-22 14:53 - 2013-10-25 12:08 - 00517408 ____N () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2013-09-29 13:18 - 2008-08-22 20:04 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-09-29 13:18 - 2008-08-22 20:04 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-08-15 22:11 - 2014-08-11 15:37 - 00228352 ____N () F:\Program Files\EagleGet\EGMonitor.exe
2014-08-15 22:11 - 2014-08-11 15:37 - 00906752 ____N () F:\Program Files\EagleGet\util.dll
2014-08-15 22:11 - 2014-07-17 15:13 - 00397312 ____N () F:\Program Files\EagleGet\sqlite3.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC359956
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC359956
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: IDMan => f:\program files\internet download manager\idman.exe /onboot
MSCONFIG\startupreg: MSMSGS => "c:\program files\messenger\msmsgs.exe" /background
MSCONFIG\startupreg: USB Security => c:\program files\usb disk security\usbguard.exe
MSCONFIG\startupreg: VirtualCloneDrive => "c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe" /s
 
==================== Faulty Device Manager Devices =============
 
Name: Samsung USB Keyboard
Description: Samsung USB Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: Samsung
Service: kbdhid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: WAN Miniport (ATW)
Description: WAN Miniport (ATW)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2014 02:53:14 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
 
Error: (08/16/2014 05:55:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOME-52318F0178)
Description: Product: UxStyle Core Beta -- Your theme subsystem (e.g. uxtheme.dll, themeui.dll) has been tampered with. UxStyle requires these files be restored before you can continue. Check the forums if you need help.
 
Error: (08/16/2014 05:53:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOME-52318F0178)
Description: Product: UxStyle Core Beta -- Your theme subsystem (e.g. uxtheme.dll, themeui.dll) has been tampered with. UxStyle requires these files be restored before you can continue. Check the forums if you need help.
 
 
System errors:
=============
Error: (08/17/2014 02:53:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (08/17/2014 02:52:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the egGetSvc service.
 
Error: (08/17/2014 02:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error: 
%%3
 
Error: (08/17/2014 02:51:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:14 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (08/17/2014 02:51:14 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
 
Microsoft Office Sessions:
=========================
Error: (08/17/2014 02:53:14 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: 
 
Error: (08/16/2014 05:55:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOME-52318F0178)
Description: Product: UxStyle Core Beta -- Your theme subsystem (e.g. uxtheme.dll, themeui.dll) has been tampered with. UxStyle requires these files be restored before you can continue. Check the forums if you need help.(NULL)(NULL)(NULL)
 
Error: (08/16/2014 05:53:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOME-52318F0178)
Description: Product: UxStyle Core Beta -- Your theme subsystem (e.g. uxtheme.dll, themeui.dll) has been tampered with. UxStyle requires these files be restored before you can continue. Check the forums if you need help.(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Atom™ CPU Z520 @ 1.33GHz
Percentage of memory in use: 79%
Total physical RAM: 1014.2 MB
Available physical RAM: 203.82 MB
Total Pagefile: 2440.23 MB
Available Pagefile: 1563.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:19.53 GB) (Free:3.43 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:36.37 GB) (Free:18.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: FC7EFC7E)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=36.4 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#6 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:29 AM

Posted 17 August 2014 - 04:40 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached file: fixlist.txt (1.73KB)

How is the machine running now?

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:29 AM

Posted 20 August 2014 - 04:30 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#8 phongvu99

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA
  • Local time:12:29 AM

Posted 23 August 2014 - 09:11 AM

Yes, I'm still here.



#9 phongvu99

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA
  • Local time:12:29 AM

Posted 23 August 2014 - 09:16 AM

Here is the fixlog.txt report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014
Ran by phuong at 2014-08-23 21:11:20 Run:1
Running from C:\Documents and Settings\phuong\My Documents\EGDownloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\qorucngp\yujhmqpg.exe
HKU\S-1-5-21-1229272821-507921405-1801674531-500\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
S3 AOL ACS; No ImagePath
S2 LiveUpdateSvc; No ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\DOCUME~1\phuong\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
2014-08-16 17:25 - 2014-08-16 17:24 - 00010459 _____ () C:\ijjnsipjr9poarfl1jdg
C:\Documents and Settings\phuong\Local Settings\temp\6_Offer_5.exe
C:\Documents and Settings\phuong\Local Settings\temp\ins.exe
C:\Documents and Settings\phuong\Local Settings\temp\Quarantine.exe
C:\Program Files\qorucngp\yujhmqpg.exe
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC359956
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC359956
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\S-1-5-21-1229272821-507921405-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 => Value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => Key deleted successfully.
"HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => Key deleted successfully.
Default URLSearchHook was restored successfully .
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key deleted successfully.
"HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key deleted successfully.
AOL ACS => Service deleted successfully.
LiveUpdateSvc => Service deleted successfully.
rpcapd => Service deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
USBAAPL => Service deleted successfully.
wanatw => Service deleted successfully.
C:\ijjnsipjr9poarfl1jdg => Moved successfully.
"C:\Documents and Settings\phuong\Local Settings\temp\6_Offer_5.exe" => File/Directory not found.
"C:\Documents and Settings\phuong\Local Settings\temp\ins.exe" => File/Directory not found.
"C:\Documents and Settings\phuong\Local Settings\temp\Quarantine.exe" => File/Directory not found.
Could not move "C:\Program Files\qorucngp\yujhmqpg.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP => ":1CE11B51" ADS removed successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP => ":BC359956" ADS removed successfully.
"C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":1CE11B51" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":BC359956" ADS not found.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-23 21:13:14)<=
 
C:\Program Files\qorucngp\yujhmqpg.exe => Is moved successfully.
 
==== End of Fixlog ====


#10 phongvu99

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA
  • Local time:12:29 AM

Posted 23 August 2014 - 09:26 AM

[screenshot: ffae2W9.jpg]

[screenshot: olgKMWl.jpg]

Looks like everything else is fixed, BUT THE VIRUS HASN'T DISAPPEARED!



#11 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:29 AM

Posted 23 August 2014 - 04:33 PM

 

Looks like everything else is fixed, BUT THE VIRUS HASN'T DISAPPEARED!

What do you mean hasn't disappeared?

 

  • Right click FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Please paste the FRST.txt into your reply.




#12 phongvu99

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA
  • Local time:12:29 AM

Posted 23 August 2014 - 10:40 PM

As you can see, the virus has restored itself after booting. The registry automatically changed itself after I changed it to the original.
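A triage check for the persistence pattern this thread is fighting (an extra comma-separated entry on the Winlogon Userinit value, as in the Fixlog above, plus a Winlogon\Notify DLL and a Startup-folder copy with no company information, as in the FRST scan that follows). This is an added example, not code from the thread or from FRST; it parses constructed lines modelled on the posted log and assumes the stock 32-bit XP path C:\WINDOWS\system32\userinit.exe.

```python
import re
from dataclasses import dataclass

# Assumption: stock Userinit value on 32-bit Windows XP (compared case-insensitively).
# The real default ends with a trailing comma, which the parser ignores.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# FRST-style lines (constructed copies modelled on the log posted in this thread).
USERINIT_RE = re.compile(r"Winlogon: \[Userinit\] (?P<value>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon\\Notify\\(?P<name>[^:]+): (?P<path>.+?) \((?P<company>[^)]*)\)$")
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?) \((?P<company>[^)]*)\)$")


@dataclass
class Finding:
    kind: str    # what was matched
    detail: str  # the suspicious path or value


def check_userinit(value: str) -> list[str]:
    """Return every Userinit entry that is not the stock userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def triage(lines: list[str]) -> list[Finding]:
    """Walk FRST Registry-section lines and flag the persistence points of interest.

    '()' after a path in FRST output means the file carries no company
    information in its version resource; for Winlogon\\Notify DLLs and
    Startup-folder executables that is worth a second look.  Startup entries
    are de-duplicated case-insensitively, because FRST can list the same
    folder twice under 'StartUp' and 'Startup'.
    """
    findings: list[Finding] = []
    seen_startup: set[str] = set()
    for raw in lines:
        line = raw.strip()
        m = USERINIT_RE.search(line)
        if m:
            for extra in check_userinit(m.group("value")):
                findings.append(Finding("userinit-extra-entry", extra))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if not m.group("company"):
                findings.append(Finding("winlogon-notify-no-company", m.group("path")))
            continue
        m = STARTUP_RE.match(line)
        if m:
            key = m.group("path").lower()
            if key in seen_startup:
                continue
            seen_startup.add(key)
            if not m.group("company"):
                findings.append(Finding("startup-item-no-company", m.group("path")))
    return findings


# Constructed sample input, modelled on the FRST lines posted in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-07-25] (Realtek Semiconductor Corp.)",
    r"HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\qorucngp\yujhmqpg.exe",
    r"Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()",
    r"Startup: C:\Documents and Settings\Administrator.HOME-52318F0178\Start Menu\Programs\StartUp\yujhmqpg.exe ()",
    r"Startup: C:\Documents and Settings\Administrator.HOME-52318F0178\Start Menu\Programs\Startup\yujhmqpg.exe ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind}: {f.detail}")
```

On the sample above the check reports the extra Userinit entry, the igdlogin.dll Notify handler and a single Startup-folder item; a clean XP Userinit value (the stock path with its trailing comma) produces no finding.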



#13 phongvu99

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:USA
  • Local time:12:29 AM

Posted 23 August 2014 - 10:46 PM

FRST Report:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014
Ran by Administrator (administrator) on HOME-52318F0178 on 24-08-2014 10:39:23
Running from C:\Documents and Settings\phuong\My Documents\EGDownloads
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE
(mst software GmbH, Germany) F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\DfSdkS.exe
() F:\Program Files\EagleGet\EGMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
() F:\Program Files\EagleGet\EGMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PersistenceThread] => C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-12-14] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-07-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UnlockerAssistant] => F:\Program Files\Unlocker\UnlockerAssistant.exe [106400 2010-07-05] ()
HKLM\...\Run: [DrvIcon] => C:\PROGRA~1\UXPACK~1\VISTAD~1\DrvIcon.exe
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516808 2014-06-16] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\qorucngp\yujhmqpg.exe
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\S-1-5-21-1229272821-507921405-1801674531-1003\...\Run: [EagleGet] => F:\Program Files\EagleGet\Eagleget.exe [1874402 2014-08-11] (EagleGet.com)
HKU\S-1-5-21-1229272821-507921405-1801674531-1003\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1229272821-507921405-1801674531-500\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-1229272821-507921405-1801674531-500\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt
Startup: C:\Documents and Settings\Administrator.HOME-52318F0178\Start Menu\Programs\StartUp\yujhmqpg.exe ()
Startup: C:\Documents and Settings\Administrator.HOME-52318F0178\Start Menu\Programs\Startup\yujhmqpg.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> F:\Program Files\EagleGet\eagleSniffer.dll (EagleGet.com)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1EAEE60C-31FD-4053-BF5F-7C5E00C381E1}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{83EE534A-004E-4974-A8A4-F09D6DC31477}: [NameServer] 208.67.222.222,208.67.220.220,192.168.10.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-06-18]
CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Documents and Settings\phuong\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-07-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DfSdkS; F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 egGetSvc; F:\Program Files\EagleGet\EGMonitor.exe [228352 2014-08-11] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [164276 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-01] (Oracle Corporation)
S3 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1609728 2008-08-22] (Broadcom Corporation) [File not signed]
R2 WO_LiveService2; F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223624 2014-06-16] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-07-25] (Creative)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-08-22] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [98736 2014-07-02] (eagleGet)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R0 EMSC; C:\WINDOWS\System32\DRIVERS\EMSC.SYS [14248 2008-11-04] (Windows ® Codename Longhorn DDK provider)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [121440 2014-06-09] (Tonec Inc.)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [583360 2009-12-03] (Intel Corporation)
R2 LiveTuner2PM; F:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys [14088 2014-03-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-07-25] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OA004Afx; C:\WINDOWS\system32\Drivers\OA004Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA004Ufd; C:\WINDOWS\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\WINDOWS\System32\DRIVERS\OA004Vid.sys [269760 2008-07-18] (Creative Technology Ltd.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-06-26] (Duplex Secure Ltd.)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2014-06-30] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2013-03-11] (Elaborate Bytes AG) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 23:11 - 2014-08-23 23:11 - 00014664 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]the.strain.s01e06.hdtv.x264.2hd.eztv.torrent
2014-08-23 23:11 - 2014-08-23 23:11 - 00012147 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]under.the.dome.s02e08.hdtv.x264.lol.eztv.torrent
2014-08-23 23:10 - 2014-08-23 23:10 - 00014458 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]masterchef.us.s05e13.hdtv.x264.lol.eztv.torrent
2014-08-23 21:08 - 2014-08-23 21:09 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Adobe
2014-08-17 21:13 - 2012-11-02 10:03 - 08874424 _____ (Adobe Systems, Inc.) C:\Documents and Settings\phuong\Desktop\FlasPlayer 11 Standalone.exe
2014-08-17 16:28 - 2014-08-17 16:29 - 00002265 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ___RD () C:\Program Files\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-08-17 16:17 - 2014-08-17 16:17 - 00000034 _____ () C:\WINDOWS\system32\oeminfo.ini
2014-08-17 15:55 - 2014-08-17 15:55 - 00000949 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\One-Click-Optimizer (WO11).lnk
2014-08-17 15:55 - 2014-08-17 15:55 - 00000731 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Ashampoo WinOptimizer 11.lnk
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Ashampoo
2014-08-17 15:55 - 2009-08-24 22:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2014-08-17 15:53 - 2014-08-17 15:53 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-08-17 14:54 - 2014-08-24 10:39 - 00000000 ____D () C:\FRST
2014-08-17 14:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-16 18:36 - 2014-05-24 04:07 - 01102945 _____ () C:\Documents and Settings\phuong\Desktop\SkaiaCraft_Launcher.jar
2014-08-16 17:56 - 2014-08-16 20:37 - 00000000 ____D () C:\WINDOWS\UXBackup
2014-08-16 17:55 - 2014-08-16 20:36 - 00000000 ____D () C:\Program Files\UX Pack
2014-08-16 17:55 - 2007-02-17 06:03 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\icacls.exe
2014-08-16 17:55 - 2006-12-03 17:15 - 00069632 _____ () C:\WINDOWS\system32\moveex.exe
2014-08-16 17:55 - 2003-03-25 01:47 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\takeown.exe
2014-08-16 17:49 - 2014-08-16 17:49 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\Explorermgr.exe
2014-08-16 17:45 - 2004-08-04 08:07 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2014-08-16 17:24 - 2014-08-16 17:31 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\8683
2014-08-16 17:15 - 2014-08-16 18:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 17:15 - 2014-08-16 18:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 17:15 - 2014-08-16 17:15 - 00000996 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D.lnk
2014-08-16 17:15 - 2014-08-16 17:15 - 00000964 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D .lnk
2014-08-16 17:15 - 2011-09-18 18:12 - 00045816 _____ () C:\WINDOWS\DESKFLAG.SCR
2014-08-16 15:35 - 2014-08-24 10:40 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Local Settings\temp
2014-08-16 15:35 - 2014-08-24 10:36 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00022186 _____ () C:\ComboFix.txt
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-15 22:11 - 2014-08-15 22:11 - 00045184 _____ () C:\Documents and Settings\phuong\My Documents\eagleget_cext@eagleget.com.crx
2014-08-15 22:11 - 2014-08-15 22:11 - 00000576 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\EagleGet.lnk
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-07-02 10:35 - 00098736 _____ (eagleGet) C:\WINDOWS\system32\Drivers\eagleGet.sys
2014-08-15 16:09 - 2014-08-15 16:09 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-08-15 16:09 - 2014-08-15 16:09 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-08-15 16:08 - 2014-08-15 16:08 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ioloGovernor
2014-08-15 16:05 - 2014-08-15 16:05 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2014-08-15 16:01 - 2014-08-15 16:08 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-08-15 16:01 - 2014-08-15 16:08 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-08-15 15:50 - 2014-08-15 15:50 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\system32\taskmgrmgr.exe
2014-08-15 15:50 - 2014-08-15 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 15:30 - 2014-08-15 17:20 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-08-15 15:30 - 2014-08-15 16:31 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DownloadNinja
2014-08-15 15:08 - 2014-08-15 15:08 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-15 14:49 - 2014-08-24 10:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-15 14:49 - 2014-08-24 10:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-15 14:49 - 2014-08-15 14:49 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-15 14:49 - 2013-07-06 21:07 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
2014-08-15 14:38 - 2014-08-15 14:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:38 - 00000457 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WeFi.lnk
2014-08-15 14:37 - 2014-08-15 16:46 - 00000000 ____D () C:\Program Files\WeFi
2014-08-13 20:50 - 2014-08-15 16:40 - 00016173 _____ () C:\Documents and Settings\phuong\My Documents\Paidverts autofiller script.user.js
2014-08-13 17:01 - 2014-08-13 17:01 - 02537695 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher3.swf
2014-08-13 16:54 - 2014-08-13 16:54 - 03506226 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher4.swf
2014-08-13 16:49 - 2014-08-13 16:50 - 05499736 _____ () C:\Documents and Settings\phuong\My Documents\andylaw.swf
2014-08-13 15:21 - 2014-08-13 15:21 - 00000002 _____ () C:\WINDOWS\msoffice.ini
2014-08-13 15:21 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Desktop\AOL Saved PFC
2014-08-12 16:11 - 2014-08-17 18:27 - 00000547 _____ () C:\Documents and Settings\phuong\Desktop\TEST.txt
2014-08-12 15:58 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\AOL
2014-08-12 15:58 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AOL
2014-08-12 15:57 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:57 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:56 - 2014-07-02 16:23 - 00058696 _____ (AOL Inc.) C:\WINDOWS\system32\AOLParconLink.exe
2014-08-12 15:54 - 2014-08-13 15:24 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\AOL
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:53 - 2014-08-13 15:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-12 15:53 - 2014-08-13 15:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-12 15:51 - 2014-08-12 15:58 - 00030862 _____ () C:\install.log
2014-08-12 15:42 - 2014-08-12 15:57 - 00002680 ____H () C:\IPH.PH
2014-08-12 15:42 - 2014-08-12 15:42 - 00000335 _____ () C:\WINDOWS\nsreg.dat
2014-08-12 13:14 - 2014-08-12 13:17 - 00000000 ____D () C:\WINDOWS\$regcmp$
2014-08-12 12:11 - 2014-08-12 12:11 - 00000695 _____ () C:\Documents and Settings\phuong\Desktop\Free Registry Defrag.lnk
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Program Files\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-10 18:07 - 2014-08-10 18:07 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Softplicity
2014-08-10 18:06 - 2014-08-10 18:06 - 00000649 _____ () C:\Documents and Settings\phuong\Desktop\Total Audio Converter.lnk
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 17:51 - 2014-08-10 17:51 - 00004879 _____ () C:\Documents and Settings\phuong\My Documents\3C62C9E0594609540B5DBE2CF8FD006F3222AEF0.torrent
2014-08-09 19:49 - 2014-08-09 19:49 - 00000008 _____ () C:\Documents and Settings\phuong\My Documents\Wifi.txt
2014-08-04 16:26 - 2014-08-10 20:33 - 00000180 _____ () C:\Documents and Settings\phuong\Desktop\UTA.ini
2014-08-04 16:26 - 2006-10-06 14:36 - 00834048 ____N () C:\Documents and Settings\phuong\Desktop\UTA.exe
2014-08-03 18:23 - 2014-08-23 21:48 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00001606 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NhacCuaTui.lnk
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 16:58 - 2014-08-24 10:31 - 00000408 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1407059878.job
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Opera Software
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Opera Software
2014-08-03 13:28 - 2014-08-23 21:13 - 00000000 ____D () C:\Program Files\qorucngp
2014-08-03 13:03 - 2014-08-16 18:14 - 00000222 _____ () C:\Documents and Settings\phuong\Desktop\YUKEY.txt
2014-08-03 13:03 - 2014-08-03 13:03 - 00000747 _____ () C:\Documents and Settings\phuong\Desktop\Your Uninstaller!.lnk
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-15 14:15 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-03 13:02 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\URSoft
2014-07-25 14:10 - 2014-07-25 14:10 - 09888840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RsCRIcon.dll
2014-07-25 14:10 - 2014-07-25 14:10 - 00214232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 10:41 - 2013-10-03 21:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\uTorrent
2014-08-24 10:40 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178\Local Settings\temp
2014-08-24 10:39 - 2014-08-17 14:54 - 00000000 ____D () C:\FRST
2014-08-24 10:38 - 2014-08-15 14:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-24 10:38 - 2014-08-15 14:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-24 10:37 - 2013-09-29 12:57 - 00454562 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-24 10:36 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\temp
2014-08-24 10:31 - 2014-08-03 16:58 - 00000408 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1407059878.job
2014-08-24 10:31 - 2013-09-29 13:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-23 23:46 - 2014-07-22 15:39 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-23 23:45 - 2013-09-29 13:07 - 00000178 ___SH () C:\Documents and Settings\phuong\ntuser.ini
2014-08-23 23:11 - 2014-08-23 23:11 - 00014664 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]the.strain.s01e06.hdtv.x264.2hd.eztv.torrent
2014-08-23 23:11 - 2014-08-23 23:11 - 00012147 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]under.the.dome.s02e08.hdtv.x264.lol.eztv.torrent
2014-08-23 23:10 - 2014-08-23 23:10 - 00014458 _____ () C:\Documents and Settings\phuong\My Documents\[kickass.to]masterchef.us.s05e13.hdtv.x264.lol.eztv.torrent
2014-08-23 22:55 - 2014-06-27 21:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-23 21:48 - 2014-08-03 18:23 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\NhacCuaTui
2014-08-23 21:21 - 2014-07-24 21:20 - 00000282 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2014-08-23 21:13 - 2014-08-03 13:28 - 00000000 ____D () C:\Program Files\qorucngp
2014-08-23 21:09 - 2014-08-23 21:08 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Adobe
2014-08-23 21:04 - 2013-09-29 12:33 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-17 18:27 - 2014-08-12 16:11 - 00000547 _____ () C:\Documents and Settings\phuong\Desktop\TEST.txt
2014-08-17 16:29 - 2014-08-17 16:28 - 00002265 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ___RD () C:\Program Files\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-08-17 16:28 - 2014-08-17 16:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-08-17 16:17 - 2014-08-17 16:17 - 00000034 _____ () C:\WINDOWS\system32\oeminfo.ini
2014-08-17 15:55 - 2014-08-17 15:55 - 00000949 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\One-Click-Optimizer (WO11).lnk
2014-08-17 15:55 - 2014-08-17 15:55 - 00000731 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Ashampoo WinOptimizer 11.lnk
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Ashampoo
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Ashampoo
2014-08-17 15:53 - 2014-08-17 15:53 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-08-17 15:08 - 2014-06-25 16:57 - 00000178 ___SH () C:\Documents and Settings\Administrator.HOME-52318F0178\ntuser.ini
2014-08-17 14:49 - 2013-09-30 17:21 - 00000000 ____D () C:\AdwCleaner
2014-08-17 14:49 - 2013-09-29 19:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2014-08-16 20:39 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-08-16 20:39 - 2014-07-22 14:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-08-16 20:37 - 2014-08-16 17:56 - 00000000 ____D () C:\WINDOWS\UXBackup
2014-08-16 20:37 - 2013-09-06 16:18 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-16 20:37 - 2013-09-06 16:18 - 00000000 ____D () C:\Program Files\Outlook Express
2014-08-16 20:36 - 2014-08-16 17:55 - 00000000 ____D () C:\Program Files\UX Pack
2014-08-16 20:35 - 2013-09-06 20:44 - 00000000 ____D () C:\WINDOWS\Media
2014-08-16 19:21 - 2013-09-06 17:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-16 18:56 - 2014-08-16 17:15 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 18:56 - 2014-08-16 17:15 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Animated Wallpaper
2014-08-16 18:45 - 2014-07-01 16:16 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\.minecraft
2014-08-16 18:35 - 2014-06-26 10:34 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Media Player Classic
2014-08-16 18:14 - 2014-08-03 13:03 - 00000222 _____ () C:\Documents and Settings\phuong\Desktop\YUKEY.txt
2014-08-16 18:11 - 2013-09-29 13:41 - 00069360 _____ () C:\Documents and Settings\phuong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-16 18:09 - 2013-09-29 19:43 - 00236760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-16 17:55 - 2013-09-06 20:44 - 00000000 ____D () C:\WINDOWS\Cursors
2014-08-16 17:49 - 2014-08-16 17:49 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\Explorermgr.exe
2014-08-16 17:45 - 2013-09-29 12:33 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-08-16 17:36 - 2014-06-25 20:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2014-08-16 17:36 - 2014-06-25 20:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2014-08-16 17:31 - 2014-08-16 17:24 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\8683
2014-08-16 17:15 - 2014-08-16 17:15 - 00000996 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D.lnk
2014-08-16 17:15 - 2014-08-16 17:15 - 00000964 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Desktop Flag 3D .lnk
2014-08-16 15:35 - 2014-08-16 15:35 - 00022186 _____ () C:\ComboFix.txt
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Vu Tuan Phuong\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-16 15:35 - 2013-09-30 17:54 - 00000000 ____D () C:\Qoobox
2014-08-16 15:32 - 2013-09-29 12:33 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-16 15:30 - 2013-10-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSecurity
2014-08-16 15:30 - 2013-10-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSecurity
2014-08-16 14:35 - 2014-06-24 22:19 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DMCache
2014-08-16 14:27 - 2014-07-22 14:53 - 00000000 ____D () C:\Program Files\IObit
2014-08-15 22:11 - 2014-08-15 22:11 - 00045184 _____ () C:\Documents and Settings\phuong\My Documents\eagleget_cext@eagleget.com.crx
2014-08-15 22:11 - 2014-08-15 22:11 - 00000576 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\EagleGet.lnk
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-08-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EagleGet
2014-08-15 22:11 - 2014-07-07 14:21 - 00000000 ____D () C:\Program Files\Common Files\EagleGet
2014-08-15 21:56 - 2014-08-15 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 21:56 - 2014-08-15 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2014-08-15 17:20 - 2014-08-15 15:30 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-08-15 16:46 - 2014-08-15 14:37 - 00000000 ____D () C:\Program Files\WeFi
2014-08-15 16:40 - 2014-08-13 20:50 - 00016173 _____ () C:\Documents and Settings\phuong\My Documents\Paidverts autofiller script.user.js
2014-08-15 16:31 - 2014-08-15 15:30 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-08-15 16:09 - 2014-08-15 16:09 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-08-15 16:09 - 2014-08-15 16:09 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-08-15 16:09 - 2013-09-06 17:26 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-15 16:08 - 2014-08-15 16:08 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\ioloGovernor
2014-08-15 16:08 - 2014-08-15 16:01 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-08-15 16:08 - 2014-08-15 16:01 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-08-15 16:07 - 2014-07-22 15:08 - 15958016 _____ () C:\WINDOWS\system32\config\software.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00258048 _____ () C:\WINDOWS\system32\config\default.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-08-15 16:07 - 2014-07-22 15:08 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-08-15 16:07 - 2013-09-29 13:07 - 00000000 ____D () C:\Documents and Settings\phuong
2014-08-15 16:07 - 2013-09-29 13:06 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-08-15 16:07 - 2013-09-29 13:05 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-08-15 16:05 - 2014-08-15 16:05 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:50 - 2014-08-15 15:50 - 00086016 _____ (Macromedia, Inc.) C:\WINDOWS\system32\taskmgrmgr.exe
2014-08-15 15:50 - 2014-08-15 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo
2014-08-15 15:20 - 2014-06-24 22:19 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\IDM
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\DownloadNinja
2014-08-15 15:10 - 2013-09-29 19:45 - 00511728 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-15 15:08 - 2014-08-15 15:08 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-15 14:49 - 2014-08-15 14:49 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-15 14:39 - 2014-08-15 14:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:39 - 2014-08-15 14:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WeFi
2014-08-15 14:38 - 2014-08-15 14:38 - 00000457 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WeFi.lnk
2014-08-15 14:16 - 2014-06-25 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator.HOME-52318F0178
2014-08-15 14:16 - 2013-09-06 16:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-15 14:15 - 2014-08-03 13:02 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2014-08-15 14:06 - 2013-09-29 13:06 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2014-08-13 21:23 - 2014-07-24 21:20 - 00000266 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-08-13 17:01 - 2014-08-13 17:01 - 02537695 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher3.swf
2014-08-13 16:54 - 2014-08-13 16:54 - 03506226 _____ () C:\Documents and Settings\phuong\My Documents\crazyflasher4.swf
2014-08-13 16:50 - 2014-08-13 16:49 - 05499736 _____ () C:\Documents and Settings\phuong\My Documents\andylaw.swf
2014-08-13 15:24 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\AOL
2014-08-13 15:22 - 2014-08-12 15:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-13 15:22 - 2014-08-12 15:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2014-08-13 15:21 - 2014-08-13 15:21 - 00000002 _____ () C:\WINDOWS\msoffice.ini
2014-08-13 15:21 - 2014-08-13 15:21 - 00000000 ____D () C:\Documents and Settings\phuong\Desktop\AOL Saved PFC
2014-08-13 15:21 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\AOL
2014-08-13 15:21 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-13 15:21 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AOL
2014-08-12 15:58 - 2014-08-12 15:58 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AOL
2014-08-12 15:58 - 2014-08-12 15:51 - 00030862 _____ () C:\install.log
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2014-08-12 15:57 - 2014-08-12 15:42 - 00002680 ____H () C:\IPH.PH
2014-08-12 15:57 - 2013-09-29 13:00 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:54 - 2014-08-12 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2014-08-12 15:42 - 2014-08-12 15:42 - 00000335 _____ () C:\WINDOWS\nsreg.dat
2014-08-12 15:42 - 2014-06-23 22:11 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Mozilla
2014-08-12 13:17 - 2014-08-12 13:14 - 00000000 ____D () C:\WINDOWS\$regcmp$
2014-08-12 12:11 - 2014-08-12 12:11 - 00000695 _____ () C:\Documents and Settings\phuong\Desktop\Free Registry Defrag.lnk
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Program Files\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 12:11 - 2014-08-12 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Registry Clean Expert
2014-08-12 11:49 - 2014-07-22 21:11 - 17436672 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00258048 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-08-12 11:49 - 2014-07-22 21:11 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-08-12 11:29 - 2013-09-13 20:43 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-10 20:33 - 2014-08-04 16:26 - 00000180 _____ () C:\Documents and Settings\phuong\Desktop\UTA.ini
2014-08-10 18:07 - 2014-08-10 18:07 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Softplicity
2014-08-10 18:06 - 2014-08-10 18:06 - 00000649 _____ () C:\Documents and Settings\phuong\Desktop\Total Audio Converter.lnk
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 18:06 - 2014-08-10 18:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total Audio Converter
2014-08-10 17:51 - 2014-08-10 17:51 - 00004879 _____ () C:\Documents and Settings\phuong\My Documents\3C62C9E0594609540B5DBE2CF8FD006F3222AEF0.torrent
2014-08-09 19:49 - 2014-08-09 19:49 - 00000008 _____ () C:\Documents and Settings\phuong\My Documents\Wifi.txt
2014-08-03 18:22 - 2014-08-03 18:22 - 00001606 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\NhacCuaTui.lnk
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 18:22 - 2014-08-03 18:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NhacCuaTui
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000557 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Local Settings\Application Data\Opera Software
2014-08-03 16:58 - 2014-08-03 16:58 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\Opera Software
2014-08-03 13:03 - 2014-08-03 13:03 - 00000747 _____ () C:\Documents and Settings\phuong\Desktop\Your Uninstaller!.lnk
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:03 - 2014-08-03 13:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Your Uninstaller! 7
2014-08-03 13:02 - 2014-08-03 13:02 - 00000000 ____D () C:\Documents and Settings\phuong\Application Data\URSoft
2014-08-03 10:27 - 2013-09-29 13:06 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2014-07-25 14:10 - 2014-07-25 14:10 - 09888840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RsCRIcon.dll
2014-07-25 14:10 - 2014-07-25 14:10 - 00214232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2014-07-25 14:06 - 2013-09-06 21:16 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-07-25 14:05 - 2013-09-29 14:11 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 05630168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 01691480 _____ (Creative) C:\WINDOWS\system32\Drivers\Ambfilt.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 01395800 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\Monfilt.sys
2014-07-25 14:05 - 2013-09-29 14:11 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2014-07-25 14:05 - 2013-09-29 14:11 - 00359016 _____ (Realtek Semiconductor Crop.) C:\WINDOWS\vncutil.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2014-07-25 14:05 - 2013-09-29 14:11 - 00129640 _____ (Realtek Semiconductor) C:\WINDOWS\RtkAudioService.exe
2014-07-25 14:05 - 2013-09-29 14:11 - 00087256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstIIXP.dll
2014-07-25 14:05 - 2013-09-29 14:11 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2014-07-25 14:05 - 2013-09-29 14:11 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
 
Some content of TEMP:
====================
C:\Documents and Settings\phuong\Local Settings\temp\install_flashplayer14x32au_chrd_dn_aaa_aih.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#14 phongvu99

Posted 24 August 2014 - 08:57 AM

Well, after a long time with all your instructions I decided to go on my own with Avast Free Antivirus and it worked. So far the problem is fixed, but I haven't restarted the laptop yet, so I don't know if it will come back.




#15 phongvu99

Posted 24 August 2014 - 09:00 AM

Update 24/8: My computer is badly infected with the Win32:RmnDrp virus, Win32:MalObj-U [CRYP], Win32:Dropper and VBS:Agent, but the whole computer is mostly infected with Win32:RmnDrp.




