BullGuard
Malware hiding C: drive
BullGuard Antivirus Forum > Virus Removal > Removal Help

neo2000x
New Member


Date Joined Jan 2014
Total Posts : 4
 
Posted 1/3/2014 7:14 AM (GMT +3)
Hi everyone, I could use some help fixing my brother's computer.  It's running Windows 64 bit Vista with SP2.  He clicked on an email link, and now explorer is crashing and hiding his C: drive.  I've already downloaded Malwarebytes but that didn't fix the issue.  I recently used ComboFix and the log is below.  Any help is appreciated.
 
ComboFix 14-01-01.01 - Thanh 01/02/2014  22:32:15.1.4 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8189.7026 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9d55a160db8e34f23f7116c9c272cb2475fc7482
c:\users\Thanh\AppData\Roaming\9d55a160db8e34f23f7116c9c272cb2475fc7482
c:\users\Thanh\AppData\Roaming\Microsoft\~DFK335d8a90.tmp
c:\users\Thanh\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Thanh\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Thanh\AppData\Roaming\Microsoft\bass.dll
c:\users\Thanh\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Thanh\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Thanh\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Thanh\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Thanh\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-03 to 2014-01-03  )))))))))))))))))))))))))))))))
.
.
2014-01-03 03:49 . 2014-01-03 04:01 -------- d-----w- c:\users\Thanh\AppData\Local\temp
2013-12-30 18:42 . 2013-12-30 18:42 -------- d-----w- C:\found.000
2013-12-27 06:42 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ECAE5C0-F355-4422-8208-0C83271200AE}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 19:44 . 2013-01-14 20:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 19:44 . 2011-11-29 22:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 08:33 . 2009-10-17 03:33 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2011-06-10 44832]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Viber"="c:\users\Thanh\AppData\Local\Viber\Viber.exe" [2013-07-07 912904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-03-02 1505072]
"OE"="c:\program files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2010-01-05 842504]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-01-06 618496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Thanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thanh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-9-12 8364288]
Smart Wizard Wireless Settings.lnk - c:\program files (x86)\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2012-1-6 1056864]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ    getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 19:44]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 21:29]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 21:29]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000Core.job
- c:\users\Thanh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 18:29]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000UA.job
- c:\users\Thanh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 18:29]
.
2013-12-29 c:\windows\Tasks\Norton Security Scan for Thanh.job
- c:\progra~2\NORTON~2\Engine\403~1.27\Nss.exe [2013-11-15 07:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thanh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6848544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 208920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 176152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Thanh\AppData\Roaming\Mozilla\Firefox\Profiles\fxflq1vf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Samucaya Dynamic Search Engine: {f152489f-b189-4550-81fd-7d996d242be7} - %profile%\extensions\{f152489f-b189-4550-81fd-7d996d242be7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Ext: CodeBurner for Firebug: firebug@tools.sitepoint.com - %profile%\extensions\firebug@tools.sitepoint.com
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Ext: Domain Details: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91} - %profile%\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
FF - Ext: Dummy Lipsum: dummylipsum@sogame.cat - %profile%\extensions\dummylipsum@sogame.cat
FF - Ext: GridFox: {D9CFDC5F-081E-420c-A108-A628AC2E556B} - %profile%\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}
FF - Ext: Palette Grabber: {6334b320-bd37-11da-a94d-0800200c9a66} - %profile%\extensions\{6334b320-bd37-11da-a94d-0800200c9a66}
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-CheckPoint Cleanup - c:\users\Thanh\AppData\Local\Temp\cpes_clean_launcher.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
AddRemove-Dell Photo Printer 720 - c:\program files (x86) (x86)\Dell Photo Printer 720\Install\x64\Uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\users\Thanh\AppData\Local\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-01-02  23:06:58 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-03 04:06
.
Pre-Run: 347,645,919,232 bytes free
Post-Run: 425,100,009,472 bytes free
.
- - End Of File - - D843A2DE07060D63B3405381AA3DEC03
CDB4DE4BBD714F152979DA2DCBEF57EB
Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 1/3/2014 8:52 AM (GMT +3)
Hi and welcome :)

Download OTL by OldTimer, saving it to your desktop:
oldtimer.geekstogo.com/OTL.exe
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Post both logs.

Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted.

Post Edited (Touch) : 1/3/2014 5:55:44 AM GMT
 

neo2000x
New Member


Date Joined Jan 2014
Total Posts : 4
 
Posted 1/3/2014 7:15 PM (GMT +3)
Thanks for the help!  Here are the OTL logs:
 
OTL.txt
OTL logfile created on: 1/3/2014 11:05:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
16.17 Gb Paging File | 15.12 Gb Available in Paging File | 93.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 395.97 Gb Free Space | 57.89% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
 
Computer Name: THANH-PC | User Name: Thanh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/03 11:05:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/10/26 09:36:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/01/19 05:20:10 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/01/13 05:33:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/10 14:44:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/10/08 17:04:18 | 000,166,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/07/16 16:49:10 | 000,087,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 02:29:34 | 002,048,784 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2010/02/26 00:04:02 | 001,816,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/26 09:32:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/15 16:36:48 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/06 13:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/23 22:57:13 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/10/08 17:04:18 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gearaspiwdm.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/12/12 16:37:00 | 001,229,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/10 12:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/11/16 03:13:26 | 000,271,360 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/15 16:37:36 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/06/10 02:46:00 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/01/19 05:19:26 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2009/01/19 05:18:36 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/01/13 06:41:32 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2009/01/13 02:54:08 | 007,876,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/15 18:47:04 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2007/08/03 15:09:32 | 000,069,408 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2007/08/03 15:04:50 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2013/08/14 14:28:44 | 000,344,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2013/08/14 14:28:08 | 000,042,272 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2013/08/14 14:17:34 | 002,260,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/28 19:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/02/06 14:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (ASPI32)
DRV - [2007/02/06 14:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\aspi32.sys -- (ASPI)
DRV - [2006/11/14 21:26:48 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes,DefaultScope = {6B96028B-FF75-4B7B-B9D8-08960900E0A6}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300196&CUI=UN10264570271957221&UM=2
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{B1BDA88C-572F-447A-8CE1-7CA81F229114}: "URL" = http://www.gisly.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=XThhMHcJ
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.5.0
FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.21
FF - prefs.js..extensions.enabledItems: dummylipsum@sogame.cat:3.0.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledItems: {D9CFDC5F-081E-420c-A108-A628AC2E556B}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.8.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.12
FF - prefs.js..extensions.enabledItems: {6334b320-bd37-11da-a94d-0800200c9a66}:0.4.1
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.8.0
FF - prefs.js..extensions.enabledItems: {f152489f-b189-4550-81fd-7d996d242be7}:5.0.2
FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.23
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Thanh\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1: C:\Users\Thanh\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thanh\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thanh\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thanh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\FirefoxExtension [2013/06/24 02:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/11 11:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/24 03:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/12 09:04:20 | 000,000,000 | ---D | M]
 
[2009/10/19 09:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Extensions
[2013/09/24 00:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions
[2009/11/18 08:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2013/09/24 00:14:26 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/09/24 00:14:31 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2010/04/30 08:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/15 10:10:14 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/11/18 08:12:00 | 000,000,000 | ---D | M] ("Palette Grabber") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{6334b320-bd37-11da-a94d-0800200c9a66}
[2013/09/24 00:14:33 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/09/24 00:14:34 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/11/18 08:12:00 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/09/24 00:14:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013/09/24 00:14:20 | 000,000,000 | ---D | M] (Abduction!) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2013/09/24 00:14:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/18 08:12:02 | 000,000,000 | ---D | M] (Window Resizer) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
[2013/09/24 00:14:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/30 08:13:06 | 000,000,000 | ---D | M] (GridFox) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}
[2009/11/18 08:12:03 | 000,000,000 | ---D | M] ("Samucaya Dynamic Search Engine") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{f152489f-b189-4550-81fd-7d996d242be7}
[2009/12/22 17:09:09 | 000,000,000 | ---D | M] (Dummy Lipsum) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\dummylipsum@sogame.cat
[2013/09/24 00:14:49 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\firebug@software.joehewitt.com
[2013/09/24 00:14:21 | 000,000,000 | ---D | M] (CodeBurner for Firebug) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\firebug@tools.sitepoint.com
[2013/09/24 00:14:27 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\kgen@elitwork.com
[2013/09/24 00:14:32 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2013/09/24 00:14:25 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\screencaptureelite@plugin
[2011/03/04 17:43:55 | 000,002,197 | ---- | M] () -- C:\Users\Thanh\AppData\Roaming\mozilla\firefox\profiles\fxflq1vf.default\searchplugins\google-search.xml
[2012/03/07 15:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/12 09:16:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/18 08:45:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 09:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/04 14:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/29 16:16:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 08:14:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/10/27 11:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}
[2013/06/12 09:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/12 09:16:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/11 11:41:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/28 15:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN88772357139682570&ctid=CT3300196&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN88772357139682570&UM=2,
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Thanh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.97 (Enabled) = C:\Users\Thanh\AppData\Local\Citrix\Plugins\97\npappdetector.dll
CHR - plugin: FUZEShare (Enabled) = C:\Users\Thanh\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Google Wallet = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2014/01/02 23:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [OE] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe ()
O4 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000..\Run: [Viber] C:\Users\Thanh\AppData\Local\Viber\Viber.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Thanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thanh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6709B711-CB8C-496F-A3DE-09EAC548A166}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55662D9-8674-4D0B-83BD-31A8F9D221BA}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D9855A-A095-4729-8132-488013609BF8}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg32.dll (Trend Micro Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Thanh\Desktop\Cream_1400x1050.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thanh\Desktop\Cream_1400x1050.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/01/03 11:04:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2014/01/02 23:07:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/02 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\Thanh\AppData\Local\temp
[2014/01/02 23:00:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/02 22:30:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/02 22:30:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/02 22:30:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/02 22:28:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/02 22:27:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/02 22:27:35 | 005,160,282 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2013/12/30 13:42:58 | 000,000,000 | ---D | C] -- C:\found.000
[2013/12/12 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\Thanh\Desktop\OnProcess
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/01/03 11:05:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2014/01/02 23:12:06 | 000,009,268 | ---- | M] () -- C:\Users\Thanh\AppData\Local\d3d9caps.dat
[2014/01/02 23:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/02 22:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 22:51:12 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2014/01/02 22:50:26 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 22:50:26 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 22:27:39 | 005,160,282 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2014/01/02 22:18:57 | 000,722,404 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/02 22:18:57 | 000,618,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/02 22:18:57 | 000,108,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/02 22:15:38 | 237,374,940 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/02 21:37:48 | 000,002,188 | ---- | M] () -- C:\Users\Thanh\AppData\Local\d3d9caps64.dat
[2014/01/01 23:07:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/01 22:52:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/01 21:01:35 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/30 16:44:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 16:43:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000UA.job
[2013/12/30 13:20:23 | 002,653,000 | ---- | M] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.psd
[2013/12/30 12:33:59 | 000,395,729 | ---- | M] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.PNG
[2013/12/29 21:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000Core.job
[2013/12/29 13:15:07 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Thanh.job
[2013/12/18 02:10:03 | 000,229,759 | ---- | M] () -- C:\Users\Thanh\Desktop\znz.eps
[2013/12/18 01:53:41 | 001,006,200 | ---- | M] () -- C:\Users\Thanh\Desktop\Starburst.ai
[2013/12/11 16:46:39 | 001,646,459 | ---- | M] () -- C:\Users\Thanh\Desktop\Man Mai W9-1.pdf
[2013/12/07 18:18:09 | 002,052,137 | ---- | M] () -- C:\Users\Thanh\Desktop\FINAL ART(1).jpg
[2013/12/05 14:47:38 | 000,002,046 | ---- | M] () -- C:\Users\Thanh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/01/02 22:30:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/02 22:30:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/02 22:30:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/02 22:30:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/02 22:30:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/02 22:15:38 | 237,374,940 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/01 21:01:35 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/30 13:17:11 | 002,653,000 | ---- | C] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.psd
[2013/12/30 12:33:59 | 000,395,729 | ---- | C] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.PNG
[2013/12/07 18:18:09 | 002,052,137 | ---- | C] () -- C:\Users\Thanh\Desktop\FINAL ART(1).jpg
[2013/05/13 18:15:52 | 000,000,032 | RHS- | C] () -- C:\Users\Thanh\AppData\Local\t65s2tb.dat
[2012/10/19 12:38:03 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012/09/28 10:02:48 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/04/15 22:05:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcinpa.dll
[2012/04/15 22:05:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBChcp.dll
[2012/04/15 22:05:13 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBCinst.dll
[2012/04/15 22:05:11 | 000,483,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcjswr.dll
[2012/04/15 22:05:11 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbciesc.dll
[2012/04/15 22:05:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlbccur.dll
[2012/04/15 22:05:10 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcserv.dll
[2012/04/15 22:05:10 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcusb1.dll
[2012/04/15 22:05:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpmui.dll
[2012/04/15 22:05:10 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbclmpm.dll
[2012/04/15 22:05:10 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\dlbcutil.dll
[2012/04/15 22:05:10 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcppls.exe
[2012/04/15 22:05:10 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcprox.dll
[2012/04/15 22:05:10 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\dlbcinsb.dll
[2012/04/15 22:05:10 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpplc.dll
[2012/04/15 22:05:10 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccu.dll
[2012/04/15 22:05:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbchbn3.dll
[2012/04/15 22:05:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomc.dll
[2012/04/15 22:05:09 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccoms.exe
[2012/04/15 22:05:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomm.dll
[2012/04/15 22:05:09 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcih.exe
[2012/04/15 22:05:09 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccfg.exe
[2012/02/17 14:17:29 | 000,060,304 | ---- | C] () -- C:\Users\Thanh\g2mdlhlpx.exe
[2011/12/08 17:41:17 | 000,000,600 | ---- | C] () -- C:\Users\Thanh\AppData\Local\PUTTY.RND
[2011/08/08 10:39:18 | 000,001,456 | ---- | C] () -- C:\Users\Thanh\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/09 19:57:28 | 000,000,077 | ---- | C] () -- C:\Users\Thanh\Show desktop.scf
[2010/05/24 13:11:36 | 000,000,000 | ---- | C] () -- C:\Users\Thanh\AppData\Local\prvlcl.dat
[2010/03/12 09:03:30 | 000,000,102 | ---- | C] () -- C:\Users\Thanh\AppData\Roaming\wklnhst.dat
[2010/03/11 18:15:57 | 000,038,440 | ---- | C] () -- C:\Users\Thanh\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/02/01 16:13:20 | 000,009,268 | ---- | C] () -- C:\Users\Thanh\AppData\Local\d3d9caps.dat
[2010/02/01 16:12:52 | 000,002,188 | ---- | C] () -- C:\Users\Thanh\AppData\Local\d3d9caps64.dat
[2009/11/20 10:41:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/26 12:49:23 | 000,135,168 | ---- | C] () -- C:\Users\Thanh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/10/27 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\acccore
[2013/05/08 12:46:45 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Aunsoft
[2013/08/09 05:01:04 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\AviDvdBurner
[2013/08/09 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\AvitoDvd
[2013/05/13 18:15:43 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Axure
[2013/09/13 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\BitTorrent
[2012/12/01 04:30:50 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Broad Intelligence
[2011/05/11 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/08 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/01 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Dropbox
[2013/03/25 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\FileZilla
[2011/03/24 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\GetRightToGo
[2013/05/08 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\GoforFiles
[2012/11/25 18:20:20 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Helios
[2013/02/06 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\HTC
[2013/02/06 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\HTC Sync
[2009/10/21 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\ImgBurn
[2010/05/19 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\iSpring Solutions
[2011/03/24 12:32:05 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Moyea
[2009/10/21 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\OPHE
[2009/10/23 10:02:26 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Quark
[2009/10/21 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\SorensonMedia
[2011/01/25 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/11/27 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\TeamViewer
[2010/03/12 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Template
[2012/10/23 22:58:29 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\TrueCrypt
[2014/01/01 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\ViberPC
[2013/10/01 15:31:14 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\webex
[2013/08/09 04:40:19 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Xilisoft
[2011/07/29 13:36:13 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\YouSendIt
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 60 bytes -> C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO
@Alternate Data Stream - 288 bytes -> C:\ProgramData:iSpring Pro 5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:98781370
< End of report >
 
Extras.txt
OTL Extras logfile created on: 1/3/2014 11:05:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
16.17 Gb Paging File | 15.12 Gb Available in Paging File | 93.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 395.97 Gb Free Space | 57.89% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
 
Computer Name: THANH-PC | User Name: Thanh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 44 72 CE 15 98 7D CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23395B87-FA3C-4A9B-BB9A-9F1AB9EE4031}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{36E8B97B-0176-4094-AE84-D94CB1619CB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{47F171A2-C182-43B5-8EE3-67642CC2F399}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5836A3AE-2F98-4E6E-BF77-D223F91F9407}" = lport=24927 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{8D7523E4-5460-423A-A0E1-B29D204B2D36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7905B3F-2A5B-487C-8ACC-EB3D56400896}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C36F3C69-E6C5-4010-8209-42D3D8A7E4E2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D2901A03-0949-4237-94B7-E42AB3F1A306}" = lport=24927 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0561E15E-1F0C-4601-B113-07F9ED3E2280}" = dir=in | app=c:\users\thanh\appdata\local\viber\viber.exe |
"{0E2217C1-A10F-43BF-BEAA-1D2B5F57463C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{21116A93-70C3-4FAD-92AD-7508740C7D88}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2796170C-816C-4523-9C14-64091352B0F8}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{28818154-CAED-4A03-AFA7-7012365F1F2F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{2FEEEE2E-72E5-4A6E-8756-48D7E4EE854D}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\temp\~os49fb.tmp\rlvknlg.exe |
"{375BF8A1-E7CC-4EF6-8931-613B05BD75A9}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{3E2545E2-219A-4B2C-A41E-C0CAA58B302B}" = protocol=17 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe |
"{43B2163E-8F75-48F5-964E-B1DEE29033D9}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{4C84A6B5-E8A7-4CE0-BFCC-D2EC7A95620B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5943A2FF-0524-4149-8F76-B2BD72880A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5C75BAAB-6B9F-4572-A08B-3E0623A53C04}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{5E2EC9F3-2DBD-498E-AA4F-08651B152181}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{6A96A356-3AA7-4118-8D9B-57D2DBAF54B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6AE3BC7F-2D61-4062-B534-76337ED04AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{6E2C9A82-C31D-4074-B897-3A639D6E6201}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74FDECEC-340D-4640-929E-BC8A56499406}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A1ABCB7-34A6-4A98-80A2-816FFC00ED34}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7B606F76-FFCB-48B0-A5B4-DBC9160992FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D872822-792D-4979-926D-AE8C3C0737E4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{9BB48259-DAFE-4F26-B293-9F2720453CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{9D1D1136-AD2A-4EEE-8489-120BE328CF3D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AA6AE49B-3A2D-401D-9A69-08907F6AF607}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe |
"{AFFA8A5E-9B85-42F2-9C42-7BEB0DF9E052}" = protocol=17 | dir=in | app=c:\users\thanh\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C1D31005-6C65-4FAE-983F-BC1E6939367B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C48EEE3E-E8EE-4D70-AD3B-585FD305152F}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbccoms.exe |
"{C8D752A3-71A2-48F8-93EF-492861961671}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{CA29D229-12EE-4185-806D-B7A51BFF1653}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{CADB03E0-5DB5-4099-82E0-5489222DA923}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{D2CBC347-DC0E-418B-ACBE-4A63106BC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D8B18AE8-A360-4E3D-A405-488F2F401CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DA3CBF10-08BB-4720-9DF5-A34850FD60DF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DBBA5A53-619B-4642-9760-35EC591CD518}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbccoms.exe |
"{E25F0C8C-2BCE-4FE7-BEDA-EF131BE9343A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2BB6CEE-3498-425F-AF98-E3275C4DE268}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E866B528-D3BB-4A0A-8DB3-B61F1F278870}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{EE19AE58-2A47-4FDA-BFA6-84177C93FF40}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{F9A9C571-22DC-4FAC-BF3D-C516FE0B03E4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{FA5DC251-7ADF-4282-90FB-4D08A5E24AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{083110BF-3C7F-4864-BA2F-0F9625C9E238}C:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0AC869D1-8AEE-4752-B4AA-537C33AFFC71}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{233B1A9D-C95A-468C-AFA3-10253B2283F9}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{3AC41784-C3FB-4B86-86F7-14AA6137CB4A}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{6567FF96-E467-48AB-A613-C1E515690DB4}C:\users\thanh\desktop\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\thanh\desktop\bittorrent.exe |
"TCP Query User{78A080DD-D6CC-4534-93E5-321066CE3A1D}E:\e-studio\setup.exe" = protocol=6 | dir=in | app=e:\e-studio\setup.exe |
"TCP Query User{7E7A9EA6-3847-46CA-9148-61E0E83FFD8D}C:\program files (x86)\muse\muse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\muse\muse.exe |
"TCP Query User{9B874F18-DA7C-4DF3-A4F6-D9420203FA9A}C:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe |
"TCP Query User{B60691D7-062C-43C5-81E3-4E8B8A86ED68}C:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe |
"TCP Query User{DBFE14F7-38EE-4046-BA4A-D8A5AA5C6CB7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E8C705BE-BF55-432A-A17E-4671EE7C5ED1}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"TCP Query User{F7B89759-F929-40E0-B752-D27A16254C47}C:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe |
"UDP Query User{0671349D-AED4-4807-985A-A2F43E15C98A}C:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe |
"UDP Query User{06BC22B9-B74B-4165-BE88-4ADB4C076BBA}C:\users\thanh\desktop\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\thanh\desktop\bittorrent.exe |
"UDP Query User{3E4719BE-2F79-4CE9-AD25-DA73BB6E352D}C:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe" = protocol=17 | dir=in | app=c:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe |
"UDP Query User{6D7E033C-1772-466C-900D-B0555AF18DC5}E:\e-studio\setup.exe" = protocol=17 | dir=in | app=e:\e-studio\setup.exe |
"UDP Query User{91591930-FFBE-4C01-B51A-F74E951FDD45}C:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe |
"UDP Query User{A8F5CE24-5F43-408D-99B2-BDD95E083308}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{BBB2E389-7A9D-45FD-9751-257A49E6310B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{D1BD80A2-49AE-43D9-A067-285421F1DA6C}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{D4038655-312B-44A6-93C7-F6BD3B3E9653}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"UDP Query User{DB35498B-8FE4-4DDE-B30A-495AE28643C5}C:\program files (x86)\muse\muse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\muse\muse.exe |
"UDP Query User{DFE9DEF0-FBE0-4D8B-91AB-481314480B8F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E2F3EB83-B47F-4941-B38A-4B5FA728C73A}C:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1140FB42-0B3E-44D9-B086-9FF5F3F2ABB5}" = iSpring Pro 5
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33F9F10F-3239-4F1A-ADD7-0E613967569A}_is1" = Aunsoft MTS Converter Ver 2.0.0.4206
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.7
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64DAD0A0-6380-99E6-B43E-F26F54AB92BC}" = CustomEffects Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.1
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{799CB584-2DCE-48BB-924B-14B8778906B2}" = Fuze Meeting
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A657DCB7-18E8-2012-9FB0-23F29A908CF5}" = Axure RP Pro 6.5
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9C28A5-2098-466E-9F52-1AE9DA155E4F}" = Adobe After Effects CS5.5 Third Party Content
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
"{CBE6AF35-F2DD-419A-AD45-97AA74CDF2AC}" = C5100n GDI Driver for Windows Vista 64 BIT
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1" = Pazera Free MKV to AVI Converter 1.1
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B6AE0B-E56F-4515-B540-3BD854FE5D64}" = Centrafuse
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"AIM_7" = AIM 7
"AndreaMosaic" = AndreaMosaic 3.33.0
"Avi to Dvd Free Converter_is1" = Avi to Dvd Free Converter v6.4.0.52
"Axure RP Pro 6.5" = Axure RP Pro 6.5
"BitTorrent" = BitTorrent
"Canon RAW Codec" = Canon RAW Codec
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.polygonstudio.customeffects.ceInstaller.17434B19500DCEA15121D78F39122290E9D66C71.1" = CustomEffects Installer
"CrossFont" = CrossFont
"Dell Photo Printer 720" = Dell Photo Printer 720
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DROPCLOCK_is1" = DROPCLOCK 1.0.1
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FileZilla Client" = FileZilla Client 3.5.2
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTC_WModemDriver" = WModem Driver Installer
"ImgBurn" = ImgBurn
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MVApplication1" = Memorex exPressit Label Design Studio
"NirSoft SysExporter" = NirSoft SysExporter
"NSS" = Norton Security Scan
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registry Fix_is1" = RegistryFix v7.1
"Samsung ML-1660 Series" = Maintenance Samsung ML-1660 Series
"Sonique15" = Sonique
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare DVD Ripper Platinum_is1" = Wondershare DVD Ripper Platinum(Build 3.1.10)
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.6.1.1)
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.7.0.1172
"UnityWebPlayer" = Unity Web Player
"Viber" = Viber
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 10/15/2011 12:25:20 AM | Computer Name = Thanh-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/15/2011 9:42:05 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/16/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 10/16/2011 9:42:03 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/17/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 10/17/2011 12:27:06 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 10/17/2011 12:35:05 AM | Computer Name = Thanh-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/17/2011 9:41:59 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/18/2011 12:00:09 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 8/18/2013 9:13:42 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 21:13:42, Sun, Aug 18, 13 Error - Unable to gain access to user store
 
Error - 8/18/2013 9:28:16 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 21:28:15, Sun, Aug 18, 13 Error - Unable to gain access to user store
 
Error - 12/30/2013 1:07:50 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 12:07:18, Mon, Dec 30, 13 Error - Unable to gain access to user store
 
Error - 1/2/2014 11:52:17 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 22:52:16, Thu, Jan 02, 14 Error - Unable to gain access to user store
 
[ OSession Events ]
Error - 1/16/2013 12:10:03 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 85270
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 2/4/2013 10:51:37 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20939
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 2/28/2013 10:22:25 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 24645
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 7/18/2013 12:17:51 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 37927
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:20:38 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77119
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:23:18 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:23:53 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:24:16 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:25:45 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/24/2013 11:25:45 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/3/2014 1:07:05 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:07 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:10 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:13 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:16 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:18 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:21 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:24 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:07:27 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 1/3/2014 1:33:25 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
 
< End of report >
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 1/4/2014 8:24 AM (GMT +3)
We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and paste the following text into the Custom Scan textbox.



:Services 

:OTL 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes,DefaultScope = {6B96028B-FF75-4B7B-B9D8-08960900E0A6}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300196&CUI=UN10264570271957221&UM=2
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{B1BDA88C-572F-447A-8CE1-7CA81F229114}: "URL" = http://www.gisly.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=XThhMHcJ
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN88772357139682570&ctid=CT3300196&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN88772357139682570&UM=2,
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

@Alternate Data Stream - 60 bytes -> C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO
@Alternate Data Stream - 288 bytes -> C:\ProgramData:iSpring Pro 5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:98781370 :Reg 
:Files 
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
[EMPTYFLASH]




• Push the Run Fix button.
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.




Please download Adwcleaner ->

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


• Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right-click on AdwCleaner.exe and select Run as administrator.
• Click Delete.
• Everything that was found will be deleted.
• Save any open files and approve the reboot. A text file will open after the restart.



Next -
Junkware Removal Tool by thisisu

Download: www.bleepingcomputer.com/download/junkware-removal-tool/


Disable your Antivirus program if required
For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 
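A way to triage scan lines in the OTL format used by the fix above before deciding what to remove, as an added example that is neither OTL's code nor the moderator's: it parses the IE SearchScopes, Chrome default_search_provider and O4 Run entries, reports search providers whose host is outside an allowlist (the allowlist is an assumption made for this example) and Run entries whose target is missing or carries no publisher.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of OTL scan lines in the same form as the fix script posted
# in the thread (IE SearchScopes, Chrome default_search_provider, O4 Run entries).
SAMPLE_OTL_LINES = r"""
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300196
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
""".strip().splitlines()

# Search hosts this example treats as expected on the machine (an assumption for
# the example, not an OTL setting); anything else is reported for review.
KNOWN_GOOD_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# 'IE - ...: "URL" = http://...'  and  'CHR - default_search_provider: search_url = http://...'
SEARCH_URL_RE = re.compile(r'^(?P<src>IE|CHR) - .*?(?:"URL"|search_url) = (?P<url>\S+)$')
# 'O4 - HKLM..\Run: [name] <target> (Publisher)'  or  '... File not found'
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')


def parse_search_providers(lines):
    """Return (source, host, url) for every configured search URL in the scan."""
    found = []
    for line in lines:
        m = SEARCH_URL_RE.match(line)
        if m:
            found.append((m["src"], urlsplit(m["url"]).hostname, m["url"]))
    return found


def hijacked_providers(lines, allowed_hosts=KNOWN_GOOD_SEARCH_HOSTS):
    """Search providers pointing at hosts outside the allowlist, as (source, host)."""
    return [(src, host) for src, host, _ in parse_search_providers(lines)
            if host not in allowed_hosts]


def audit_run_entries(lines):
    """Flag Run-key autostarts whose target is missing or that carry no publisher."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, rest = m["name"] or "<empty>", m["rest"]
        if rest.endswith("File not found"):
            findings.append((name, "target missing"))   # dangling autostart entry
            continue
        publisher = re.search(r"\(([^()]*)\)$", rest)   # trailing "(Publisher)"
        if publisher is None or not publisher.group(1).strip():
            findings.append((name, "no publisher recorded"))
    return findings


if __name__ == "__main__":
    for src, host in hijacked_providers(SAMPLE_OTL_LINES):
        print(f"search provider to review: {src} -> {host}")
    for name, why in audit_run_entries(SAMPLE_OTL_LINES):
        print(f"Run entry to review: [{name}] {why}")
```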
neo2000x
New Member
Date Joined Jan 2014
Total Posts : 4
Posted 1/4/2014 10:06 PM (GMT +3)
Here are the logs. I have everything except the AdwCleaner log. I ran it in safe mode, and when I came back the PC appeared to be in normal Windows mode. There were Notepad logs on the screen, but as soon as I clicked on them they closed. Not sure what happened, but it looked like they were temporary files that got removed? I'll run AdwCleaner again and post later.
 
 
OTL Log
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B1BDA88C-572F-447A-8CE1-7CA81F229114}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1BDA88C-572F-447A-8CE1-7CA81F229114}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe_ID0ENQBO deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS4ServiceManager deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
ADS C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO deleted successfully.
ADS C:\ProgramData:iSpring Pro 5 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:98781370 :Reg .
========== FILES ==========
< ipconfig /flushdns /c  >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Thanh
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1782669971 bytes
->Java cache emptied: 18708958 bytes
->FireFox cache emptied: 139892259 bytes
->Google Chrome cache emptied: 7779320 bytes
->Apple Safari cache emptied: 1759232 bytes
->Flash cache emptied: 3233736 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9202250 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87022693 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,955.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Thanh
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01042014_023816
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
 
Junk Removal Tool Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Thanh on Sat 01/04/2014 at 13:00:30.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Thanh\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Thanh\appdata\local\cre"
 
~~~ FireFox
Emptied folder: C:\Users\Thanh\AppData\Roaming\mozilla\firefox\profiles\fxflq1vf.default\minidumps [1 files]
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/04/2014 at 13:03:55.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
neo2000x
New Member
Date Joined Jan 2014
Total Posts : 4
Posted 1/4/2014 11:43 PM (GMT +3)
Adwcleaner Log:
 
# AdwCleaner v3.016 - Report created 04/01/2014 at 14:14:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Thanh - THANH-PC
# Running from : C:\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.19170

-\\ Mozilla Firefox v3.6.25 (en-US)
[ File : C:\Users\Thanh\AppData\Roaming\Mozilla\Firefox\Profiles\fxflq1vf.default\prefs.js ]

-\\ Google Chrome v
[ File : C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [2980 octets] - [04/01/2014 02:50:07]
AdwCleaner[R1].txt - [993 octets] - [04/01/2014 11:18:49]
AdwCleaner[R2].txt - [1113 octets] - [04/01/2014 14:07:32]
AdwCleaner[S0].txt - [2905 octets] - [04/01/2014 02:52:58]
AdwCleaner[S1].txt - [1053 octets] - [04/01/2014 11:51:00]
AdwCleaner[S2].txt - [1035 octets] - [04/01/2014 14:14:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1095 octets] ##########
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 1/5/2014 11:32 AM (GMT +3)
Please run ComboFix (allow it to update, if asked).

Post the new ComboFix log, and tell how things are running.