Malware hiding C: drive

Posted 1/3/2014 4:14 AM
#96374

neo2000x Member

Date Joined Nov 2016
Total Posts: 4
Hi everyone, I could use some help fixing my brother's computer. It's running Windows 64 bit Vista with SP2. He clicked on an email link, and now explorer is crashing and hiding his C: drive. I've already downloaded Malwarebytes but that didn't fix the issue. I recently used ComboFix and the log is below. Any help is appreciated.
Posted 1/3/2014 5:52 AM
#96378

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi and welcome :smile:

Download OTL by OldTimer, saving it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Select All Users
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Post both logs.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/3/2014 4:15 PM
#96381

neo2000x Member

Date Joined Nov 2016
Total Posts: 4
Thanks for the help! Here are the OTL logs:
[url=pixelperfectplugin@openhouseconcepts.com:1.8.0]pixelperfectplugin@openhouseconcepts.com:1.8.0[/url] <br/>FF - prefs.js..extensions.enabledItems: {f152489f-b189-4550-81fd-7d996d242be7}:5.0.2 <br/>FF - prefs.js..extensions.enabledItems: [url=screencaptureelite@plugin:2.0.0.23]screencaptureelite@plugin:2.0.0.23[/url] <br/>FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19 <br/>FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.5 <br/>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 <br/>FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 <br/>FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585 <br/>FF - user.js - File not found <br/> <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) <br/>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () <br/>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
<br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) <br/>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
<br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) <br/>FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Thanh\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online) <br/>FF - HKCU\Software\MozillaPlugins\@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1: C:\Users\Thanh\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( ) <br/>FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) <br/>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) <br/>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () <br/>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thanh\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thanh\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
<br/>FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thanh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) <br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\FirefoxExtension [2013/06/24 02:13:24 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/11 11:41:50 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/24 03:12:33 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/12 09:04:20 | 000,000,000 | ---D | M] <br/> <br/>[2009/10/19 09:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Extensions <br/>[2013/09/24 00:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions <br/>[2009/11/18 08:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} <br/>[2013/09/24 00:14:26 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} <br/>[2013/09/24 00:14:31 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} <br/>[2010/04/30 08:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} <br/>[2009/12/15 10:10:14 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} <br/>[2009/11/18 08:12:00 | 000,000,000 | ---D | M] ("Palette Grabber") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{6334b320-bd37-11da-a94d-0800200c9a66} <br/>[2013/09/24 00:14:33 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} <br/>[2013/09/24 00:14:34 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0} <br/>[2009/11/18 08:12:00 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} <br/>[2013/09/24 00:14:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} <br/>[2013/09/24 00:14:20 | 000,000,000 | ---D | M] (Abduction!) 
-- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} <br/>[2013/09/24 00:14:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} <br/>[2009/11/18 08:12:02 | 000,000,000 | ---D | M] (Window Resizer) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9} <br/>[2013/09/24 00:14:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} <br/>[2010/04/30 08:13:06 | 000,000,000 | ---D | M] (GridFox) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B} <br/>[2009/11/18 08:12:03 | 000,000,000 | ---D | M] ("Samucaya Dynamic Search Engine") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\{f152489f-b189-4550-81fd-7d996d242be7} <br/>[2009/12/22 17:09:09 | 000,000,000 | ---D | M] (Dummy Lipsum) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\dummylipsum@sogame.cat <br/>[2013/09/24 00:14:49 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\firebug@software.joehewitt.com <br/>[2013/09/24 00:14:21 | 000,000,000 | ---D | M] (CodeBurner for Firebug) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\firebug@tools.sitepoint.com <br/>[2013/09/24 00:14:27 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\kgen@elitwork.com <br/>[2013/09/24 00:14:32 | 000,000,000 | ---D | M] (Pixel Perfect) -- 
C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\pixelperfectplugin@openhouseconcepts.com <br/>[2013/09/24 00:14:25 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Thanh\AppData\Roaming\mozilla\Firefox\Profiles\fxflq1vf.default\extensions\screencaptureelite@plugin <br/>[2011/03/04 17:43:55 | 000,002,197 | ---- | M] () -- C:\Users\Thanh\AppData\Roaming\mozilla\firefox\profiles\fxflq1vf.default\searchplugins\google-search.xml <br/>[2012/03/07 15:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions <br/>[2013/06/12 09:16:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>[2010/10/18 08:45:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} <br/>[2011/01/03 09:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} <br/>[2011/03/04 14:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} <br/>[2011/07/29 16:16:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} <br/>[2011/10/24 08:14:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} <br/>[2009/10/27 11:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11} <br/>[2013/06/12 09:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions <br/>[2013/06/12 09:16:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>[2012/01/11 11:41:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 <br/>[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll <br/>[2012/02/28 15:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml <br/> <br/>[color=#E56717]========== Chrome ==========[/color] <br/> <br/>CHR - default_search_provider: Conduit (Enabled) <br/>CHR - default_search_provider: search_url = [url=http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN88772357139682570&ctid=CT3300196&UM=2]http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN88772357139682570&ctid=CT3300196&UM=2[/url] <br/>CHR - default_search_provider: suggest_url = [url=http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN88772357139682570&UM=2]http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN88772357139682570&UM=2[/url], <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll <br/>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer <br/>CHR - plugin: Native Client (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll <br/>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll <br/>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll <br/>CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll <br/>CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files 
(x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll <br/>CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll <br/>CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Thanh\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll <br/>CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll <br/>CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll <br/>CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Thanh\AppData\Roaming\Mozilla\plugins\npo1d.dll <br/>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll <br/>CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll <br/>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll <br/>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll <br/>CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll <br/>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll <br/>CHR - plugin: iTunes 
Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll <br/>CHR - plugin: Unity Player (Enabled) = C:\Users\Thanh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll <br/>CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.97 (Enabled) = C:\Users\Thanh\AppData\Local\Citrix\Plugins\97\npappdetector.dll <br/>CHR - plugin: FUZEShare (Enabled) = C:\Users\Thanh\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll <br/>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll <br/>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll <br/>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll <br/>CHR - Extension: Skype Click to Call = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\ <br/>CHR - Extension: Google Wallet = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ <br/>CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ <br/> <br/>O1 HOSTS File: ([2014/01/02 23:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg.dll (Trend Micro Inc.) 
<br/>O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () <br/>O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg32.dll (Trend Micro Inc.) <br/>O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. <br/>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () <br/>O3 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) <br/>O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.) <br/>O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found <br/>O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) <br/>O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found <br/>O4 - HKLM..\Run: [] File not found <br/>O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) <br/>O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found <br/>O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
<br/>O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () <br/>O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) <br/>O4 - HKLM..\Run: [OE] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) <br/>O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.) <br/>O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) <br/>O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () <br/>O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe () <br/>O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) <br/>O4 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe () <br/>O4 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000..\Run: [Viber] C:\Users\Thanh\AppData\Local\Viber\Viber.exe () <br/>O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found <br/>O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found <br/>O4 - Startup: C:\Users\Thanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thanh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
<br/>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) <br/>O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found <br/>O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima) <br/>O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima) <br/>O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
<br/>O13 - gopher Prefix: missing <br/>O15 - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites) <br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2) <br/>O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2) <br/>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab (GpcContainer Class) <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
<br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6709B711-CB8C-496F-A3DE-09EAC548A166}: DhcpNameServer = 192.168.1.1 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55662D9-8674-4D0B-83BD-31A8F9D221BA}: DhcpNameServer = 192.168.10.1 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D9855A-A095-4729-8132-488013609BF8}: DhcpNameServer = 192.168.1.1 <br/>O18:64bit: - Protocol\Handler\livecall - No CLSID value found <br/>O18:64bit: - Protocol\Handler\ms-help - No CLSID value found <br/>O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found <br/>O18:64bit: - Protocol\Handler\msnim - No CLSID value found <br/>O18:64bit: - Protocol\Handler\skype4com - No CLSID value found <br/>O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) <br/>O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg.dll (Trend Micro Inc.) <br/>O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found <br/>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1007\TmIEPlg32.dll (Trend Micro Inc.) 
<br/>O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) <br/>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) <br/>O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) <br/>O24 - Desktop WallPaper: C:\Users\Thanh\Desktop\Cream_1400x1050.jpg <br/>O24 - Desktop BackupWallPaper: C:\Users\Thanh\Desktop\Cream_1400x1050.jpg <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35:64bit: - HKLM\..comfile [open] -- "%1" %* <br/>O35:64bit: - HKLM\..exefile [open] -- "%1" %* <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* <br/>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O37 - HKLM\...com [@ = ComFile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2014/01/03 11:04:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe <br/>[2014/01/02 23:07:00 | 000,000,000 | ---D | C] -- C:\Windows\temp <br/>[2014/01/02 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\Thanh\AppData\Local\temp <br/>[2014/01/02 23:00:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN <br/>[2014/01/02 22:30:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe <br/>[2014/01/02 22:30:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe 
<br/>[2014/01/02 22:30:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe <br/>[2014/01/02 22:28:18 | 000,000,000 | ---D | C] -- C:\Qoobox <br/>[2014/01/02 22:27:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt <br/>[2014/01/02 22:27:35 | 005,160,282 | R--- | C] (Swearware) -- C:\ComboFix.exe <br/>[2013/12/30 13:42:58 | 000,000,000 | ---D | C] -- C:\found.000 <br/>[2013/12/12 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\Thanh\Desktop\OnProcess <br/>[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2014/01/03 11:05:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe <br/>[2014/01/02 23:12:06 | 000,009,268 | ---- | M] () -- C:\Users\Thanh\AppData\Local\d3d9caps.dat <br/>[2014/01/02 23:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts <br/>[2014/01/02 22:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat <br/>[2014/01/02 22:51:12 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini <br/>[2014/01/02 22:50:26 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 <br/>[2014/01/02 22:50:26 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 <br/>[2014/01/02 22:27:39 | 005,160,282 | R--- | M] (Swearware) -- C:\ComboFix.exe <br/>[2014/01/02 22:18:57 | 000,722,404 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI <br/>[2014/01/02 22:18:57 | 000,618,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat <br/>[2014/01/02 22:18:57 | 000,108,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat <br/>[2014/01/02 22:15:38 | 237,374,940 | ---- | M] () -- C:\Windows\MEMORY.DMP <br/>[2014/01/02 21:37:48 | 000,002,188 | ---- | M] () -- C:\Users\Thanh\AppData\Local\d3d9caps64.dat <br/>[2014/01/01 23:07:49 | 000,000,896 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job <br/>[2014/01/01 22:52:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job <br/>[2014/01/01 21:01:35 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2013/12/30 16:44:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job <br/>[2013/12/30 16:43:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000UA.job <br/>[2013/12/30 13:20:23 | 002,653,000 | ---- | M] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.psd <br/>[2013/12/30 12:33:59 | 000,395,729 | ---- | M] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.PNG <br/>[2013/12/29 21:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315876244-2709806311-3956440418-1000Core.job <br/>[2013/12/29 13:15:07 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Thanh.job <br/>[2013/12/18 02:10:03 | 000,229,759 | ---- | M] () -- C:\Users\Thanh\Desktop\znz.eps <br/>[2013/12/18 01:53:41 | 001,006,200 | ---- | M] () -- C:\Users\Thanh\Desktop\Starburst.ai <br/>[2013/12/11 16:46:39 | 001,646,459 | ---- | M] () -- C:\Users\Thanh\Desktop\Man Mai W9-1.pdf <br/>[2013/12/07 18:18:09 | 002,052,137 | ---- | M] () -- C:\Users\Thanh\Desktop\FINAL ART(1).jpg <br/>[2013/12/05 14:47:38 | 000,002,046 | ---- | M] () -- C:\Users\Thanh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk <br/>[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2014/01/02 22:30:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe <br/>[2014/01/02 22:30:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe <br/>[2014/01/02 22:30:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe <br/>[2014/01/02 22:30:27 | 000,080,412 | ---- | C] 
() -- C:\Windows\grep.exe <br/>[2014/01/02 22:30:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe <br/>[2014/01/02 22:15:38 | 237,374,940 | ---- | C] () -- C:\Windows\MEMORY.DMP <br/>[2014/01/01 21:01:35 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2013/12/30 13:17:11 | 002,653,000 | ---- | C] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.psd <br/>[2013/12/30 12:33:59 | 000,395,729 | ---- | C] () -- C:\Users\Thanh\Desktop\Tony_Card_Higher Res.PNG <br/>[2013/12/07 18:18:09 | 002,052,137 | ---- | C] () -- C:\Users\Thanh\Desktop\FINAL ART(1).jpg <br/>[2013/05/13 18:15:52 | 000,000,032 | RHS- | C] () -- C:\Users\Thanh\AppData\Local\t65s2tb.dat <br/>[2012/10/19 12:38:03 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll <br/>[2012/09/28 10:02:48 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe <br/>[2012/04/15 22:05:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcinpa.dll <br/>[2012/04/15 22:05:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBChcp.dll <br/>[2012/04/15 22:05:13 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBCinst.dll <br/>[2012/04/15 22:05:11 | 000,483,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcjswr.dll <br/>[2012/04/15 22:05:11 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbciesc.dll <br/>[2012/04/15 22:05:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlbccur.dll <br/>[2012/04/15 22:05:10 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcserv.dll <br/>[2012/04/15 22:05:10 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcusb1.dll <br/>[2012/04/15 22:05:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpmui.dll <br/>[2012/04/15 22:05:10 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbclmpm.dll <br/>[2012/04/15 22:05:10 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\dlbcutil.dll <br/>[2012/04/15 22:05:10 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcppls.exe <br/>[2012/04/15 22:05:10 
| 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcprox.dll <br/>[2012/04/15 22:05:10 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\dlbcinsb.dll <br/>[2012/04/15 22:05:10 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpplc.dll <br/>[2012/04/15 22:05:10 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccu.dll <br/>[2012/04/15 22:05:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbchbn3.dll <br/>[2012/04/15 22:05:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomc.dll <br/>[2012/04/15 22:05:09 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccoms.exe <br/>[2012/04/15 22:05:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomm.dll <br/>[2012/04/15 22:05:09 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcih.exe <br/>[2012/04/15 22:05:09 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccfg.exe <br/>[2012/02/17 14:17:29 | 000,060,304 | ---- | C] () -- C:\Users\Thanh\g2mdlhlpx.exe <br/>[2011/12/08 17:41:17 | 000,000,600 | ---- | C] () -- C:\Users\Thanh\AppData\Local\PUTTY.RND <br/>[2011/08/08 10:39:18 | 000,001,456 | ---- | C] () -- C:\Users\Thanh\AppData\Local\Adobe Save for Web 12.0 Prefs <br/>[2010/07/09 19:57:28 | 000,000,077 | ---- | C] () -- C:\Users\Thanh\Show desktop.scf <br/>[2010/05/24 13:11:36 | 000,000,000 | ---- | C] () -- C:\Users\Thanh\AppData\Local\prvlcl.dat <br/>[2010/03/12 09:03:30 | 000,000,102 | ---- | C] () -- C:\Users\Thanh\AppData\Roaming\wklnhst.dat <br/>[2010/03/11 18:15:57 | 000,038,440 | ---- | C] () -- C:\Users\Thanh\AppData\Roaming\Comma Separated Values (DOS).ADR <br/>[2010/02/01 16:13:20 | 000,009,268 | ---- | C] () -- C:\Users\Thanh\AppData\Local\d3d9caps.dat <br/>[2010/02/01 16:12:52 | 000,002,188 | ---- | C] () -- C:\Users\Thanh\AppData\Local\d3d9caps64.dat <br/>[2009/11/20 10:41:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol <br/>[2009/10/26 12:49:23 | 000,135,168 | ---- | C] () -- 
C:\Users\Thanh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] 
(Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/>"" = %systemroot%\SysWow64\wbem\wbemess.dll <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2009/10/27 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\acccore <br/>[2013/05/08 12:46:45 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Aunsoft <br/>[2013/08/09 05:01:04 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\AviDvdBurner <br/>[2013/08/09 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\AvitoDvd <br/>[2013/05/13 18:15:43 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Axure <br/>[2013/09/13 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\BitTorrent <br/>[2012/12/01 04:30:50 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Broad Intelligence <br/>[2011/05/11 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 <br/>[2012/02/08 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant <br/>[2014/01/01 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Dropbox <br/>[2013/03/25 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\FileZilla <br/>[2011/03/24 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\GetRightToGo <br/>[2013/05/08 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\GoforFiles <br/>[2012/11/25 18:20:20 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Helios <br/>[2013/02/06 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\HTC <br/>[2013/02/06 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\HTC Sync <br/>[2009/10/21 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\ImgBurn 
<br/>[2010/05/19 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\iSpring Solutions <br/>[2011/03/24 12:32:05 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Moyea <br/>[2009/10/21 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\OPHE <br/>[2009/10/23 10:02:26 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Quark <br/>[2009/10/21 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\SorensonMedia <br/>[2011/01/25 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 <br/>[2012/11/27 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\TeamViewer <br/>[2010/03/12 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Template <br/>[2012/10/23 22:58:29 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\TrueCrypt <br/>[2014/01/01 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\ViberPC <br/>[2013/10/01 15:31:14 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\webex <br/>[2013/08/09 04:40:19 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\Xilisoft <br/>[2011/07/29 13:36:13 | 000,000,000 | ---D | M] -- C:\Users\Thanh\AppData\Roaming\YouSendIt <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>[color=#E56717]========== Alternate Data Streams ==========[/color] <br/> <br/>@Alternate Data Stream - 60 bytes -> C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO <br/>@Alternate Data Stream - 288 bytes -> C:\ProgramData:iSpring Pro 5 <br/>@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:98781370 <br/> <br/>< End of report > <br/> <br/> <br/> <br/> <br/>Extras.txt <br/> <br/>OTL Extras logfile created on: 1/3/2014 11:05:49 AM - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\ <br/>64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation 
<br/>Internet Explorer (Version = 8.0.6001.19170) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free <br/>16.17 Gb Paging File | 15.12 Gb Available in Paging File | 93.49% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 683.95 Gb Total Space | 395.97 Gb Free Space | 57.89% Space Free | Partition Type: NTFS <br/>Drive D: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: THANH-PC | User Name: Thanh | Logged in as Administrator. <br/>Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <br/>.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- 
rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) <br/>http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) <br/>InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [Add to playlist] -- "C:\Program Files\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos) <br/>Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
<br/>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) <br/>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [Add to playlist] -- "C:\Program Files\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos) <br/>Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) 
<br/>Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) <br/>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) <br/>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"cval" = 1 <br/>"FirewallDisableNotify" = 0 <br/>"AntiVirusDisableNotify" = 0 <br/>"UpdatesDisableNotify" = 0 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/>"AntiVirusOverride" = 0 <br/>"AntiSpywareOverride" = 0 <br/>"FirewallOverride" = 0 <br/>"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] <br/>"VistaSp2" = 44 72 CE 15 98 7D CA 01 [binary data] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"UpdatesDisableNotify" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/>"oobe_av" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify] <br/> <br/>[color=#E56717]========== System Restore Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] <br/>"DisableSR" = 0 <br/> <br/>[color=#E56717]========== Firewall Settings ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] <br/> 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] <br/> <br/> <br/>[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{23395B87-FA3C-4A9B-BB9A-9F1AB9EE4031}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | <br/>"{36E8B97B-0176-4094-AE84-D94CB1619CB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | <br/>"{47F171A2-C182-43B5-8EE3-67642CC2F399}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | <br/>"{5836A3AE-2F98-4E6E-BF77-D223F91F9407}" = lport=24927 | protocol=6 | dir=in | name=trend micro client/server security agent listener | <br/>"{8D7523E4-5460-423A-A0E1-B29D204B2D36}" = lport=2869 | protocol=6 | dir=in | app=system | 
<br/>"{A7905B3F-2A5B-487C-8ACC-EB3D56400896}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | <br/>"{C36F3C69-E6C5-4010-8209-42D3D8A7E4E2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | <br/>"{D2901A03-0949-4237-94B7-E42AB3F1A306}" = lport=24927 | protocol=6 | dir=in | name=trend micro client/server security agent listener | <br/> <br/>[color=#E56717]========== Vista Active Application Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{0561E15E-1F0C-4601-B113-07F9ED3E2280}" = dir=in | app=c:\users\thanh\appdata\local\viber\viber.exe | <br/>"{0E2217C1-A10F-43BF-BEAA-1D2B5F57463C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | <br/>"{21116A93-70C3-4FAD-92AD-7508740C7D88}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | <br/>"{2796170C-816C-4523-9C14-64091352B0F8}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\google\google talk plugin\googletalkplugin.exe | <br/>"{28818154-CAED-4A03-AFA7-7012365F1F2F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | <br/>"{2FEEEE2E-72E5-4A6E-8756-48D7E4EE854D}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\temp\~os49fb.tmp\rlvknlg.exe | <br/>"{375BF8A1-E7CC-4EF6-8931-613B05BD75A9}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | <br/>"{3E2545E2-219A-4B2C-A41E-C0CAA58B302B}" = protocol=17 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe | <br/>"{43B2163E-8F75-48F5-964E-B1DEE29033D9}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | <br/>"{4C84A6B5-E8A7-4CE0-BFCC-D2EC7A95620B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | <br/>"{5943A2FF-0524-4149-8F76-B2BD72880A6D}" = protocol=6 | dir=in | app=c:\program 
files (x86)\microsoft office\office12\onenote.exe | <br/>"{5C75BAAB-6B9F-4572-A08B-3E0623A53C04}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | <br/>"{5E2EC9F3-2DBD-498E-AA4F-08651B152181}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | <br/>"{6A96A356-3AA7-4118-8D9B-57D2DBAF54B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | <br/>"{6AE3BC7F-2D61-4062-B534-76337ED04AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | <br/>"{6E2C9A82-C31D-4074-B897-3A639D6E6201}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | <br/>"{74FDECEC-340D-4640-929E-BC8A56499406}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | <br/>"{7A1ABCB7-34A6-4A98-80A2-816FFC00ED34}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | <br/>"{7B606F76-FFCB-48B0-A5B4-DBC9160992FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{7D872822-792D-4979-926D-AE8C3C0737E4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | <br/>"{9BB48259-DAFE-4F26-B293-9F2720453CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | <br/>"{9D1D1136-AD2A-4EEE-8489-120BE328CF3D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | <br/>"{AA6AE49B-3A2D-401D-9A69-08907F6AF607}" = protocol=6 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe | <br/>"{AFFA8A5E-9B85-42F2-9C42-7BEB0DF9E052}" = protocol=17 | dir=in | app=c:\users\thanh\appdata\local\google\google talk plugin\googletalkplugin.exe | <br/>"{C1D31005-6C65-4FAE-983F-BC1E6939367B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | <br/>"{C48EEE3E-E8EE-4D70-AD3B-585FD305152F}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbccoms.exe | 
<br/>"{C8D752A3-71A2-48F8-93EF-492861961671}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | <br/>"{CA29D229-12EE-4185-806D-B7A51BFF1653}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | <br/>"{CADB03E0-5DB5-4099-82E0-5489222DA923}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | <br/>"{D2CBC347-DC0E-418B-ACBE-4A63106BC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | <br/>"{D8B18AE8-A360-4E3D-A405-488F2F401CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | <br/>"{DA3CBF10-08BB-4720-9DF5-A34850FD60DF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | <br/>"{DBBA5A53-619B-4642-9760-35EC591CD518}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbccoms.exe | <br/>"{E25F0C8C-2BCE-4FE7-BEDA-EF131BE9343A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{E2BB6CEE-3498-425F-AF98-E3275C4DE268}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | <br/>"{E866B528-D3BB-4A0A-8DB3-B61F1F278870}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | <br/>"{EE19AE58-2A47-4FDA-BFA6-84177C93FF40}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | <br/>"{F9A9C571-22DC-4FAC-BF3D-C516FE0B03E4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | <br/>"{FA5DC251-7ADF-4282-90FB-4D08A5E24AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | <br/>"TCP Query User{083110BF-3C7F-4864-BA2F-0F9625C9E238}C:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe | <br/>"TCP Query User{0AC869D1-8AEE-4752-B4AA-537C33AFFC71}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program 
files (x86)\bittorrent\bittorrent.exe | <br/>"TCP Query User{233B1A9D-C95A-468C-AFA3-10253B2283F9}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | <br/>"TCP Query User{3AC41784-C3FB-4B86-86F7-14AA6137CB4A}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe | <br/>"TCP Query User{6567FF96-E467-48AB-A613-C1E515690DB4}C:\users\thanh\desktop\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\thanh\desktop\bittorrent.exe | <br/>"TCP Query User{78A080DD-D6CC-4534-93E5-321066CE3A1D}E:\e-studio\setup.exe" = protocol=6 | dir=in | app=e:\e-studio\setup.exe | <br/>"TCP Query User{7E7A9EA6-3847-46CA-9148-61E0E83FFD8D}C:\program files (x86)\muse\muse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\muse\muse.exe | <br/>"TCP Query User{9B874F18-DA7C-4DF3-A4F6-D9420203FA9A}C:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe" = protocol=6 | dir=in | app=c:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe | <br/>"TCP Query User{B60691D7-062C-43C5-81E3-4E8B8A86ED68}C:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe | <br/>"TCP Query User{DBFE14F7-38EE-4046-BA4A-D8A5AA5C6CB7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | <br/>"TCP Query User{E8C705BE-BF55-432A-A17E-4671EE7C5ED1}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | <br/>"TCP Query User{F7B89759-F929-40E0-B752-D27A16254C47}C:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe | <br/>"UDP Query 
User{0671349D-AED4-4807-985A-A2F43E15C98A}C:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp pro\wsftpgui.exe | <br/>"UDP Query User{06BC22B9-B74B-4165-BE88-4ADB4C076BBA}C:\users\thanh\desktop\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\thanh\desktop\bittorrent.exe | <br/>"UDP Query User{3E4719BE-2F79-4CE9-AD25-DA73BB6E352D}C:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe" = protocol=17 | dir=in | app=c:\users\thanh\appdata\local\fuze box\fuze meeting\fuze_meeting.exe | <br/>"UDP Query User{6D7E033C-1772-466C-900D-B0555AF18DC5}E:\e-studio\setup.exe" = protocol=17 | dir=in | app=e:\e-studio\setup.exe | <br/>"UDP Query User{91591930-FFBE-4C01-B51A-F74E951FDD45}C:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sorenson media\sorenson squeeze\squeeze.exe | <br/>"UDP Query User{A8F5CE24-5F43-408D-99B2-BDD95E083308}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | <br/>"UDP Query User{BBB2E389-7A9D-45FD-9751-257A49E6310B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | <br/>"UDP Query User{D1BD80A2-49AE-43D9-A067-285421F1DA6C}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe | <br/>"UDP Query User{D4038655-312B-44A6-93C7-F6BD3B3E9653}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | <br/>"UDP Query User{DB35498B-8FE4-4DDE-B30A-495AE28643C5}C:\program files (x86)\muse\muse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\muse\muse.exe | <br/>"UDP Query User{DFE9DEF0-FBE0-4D8B-91AB-481314480B8F}C:\program files 
(x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | <br/>"UDP Query User{E2F3EB83-B47F-4941-B38A-4B5FA728C73A}C:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thanh\appdata\roaming\dropbox\bin\dropbox.exe | <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers <br/>"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 <br/>"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 <br/>"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 <br/>"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support <br/>"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 <br/>"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 <br/>"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 <br/>"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel <br/>"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour <br/>"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud <br/>"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 <br/>"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 <br/>"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 <br/>"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 <br/>"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 <br/>"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 <br/>"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer 
<br/>"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 <br/>"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 <br/>"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 <br/>"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 <br/>"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 <br/>"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 <br/>"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 <br/>"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 <br/>"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 <br/>"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 <br/>"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 <br/>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 <br/>"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) <br/>"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes <br/>"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 <br/>"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 <br/>"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile <br/>"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock <br/>"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility <br/>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 <br/>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile <br/>"NVIDIA Drivers" = NVIDIA Drivers <br/>"WinRAR archiver" = WinRAR archiver 
<br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call <br/>"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 <br/>"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 <br/>"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 <br/>"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup <br/>"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 <br/>"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data <br/>"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE <br/>"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler <br/>"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 <br/>"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger <br/>"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 <br/>"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 <br/>"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 <br/>"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 <br/>"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 <br/>"{1140FB42-0B3E-44D9-B086-9FF5F3F2ABB5}" = iSpring Pro 5 <br/>"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter <br/>"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR <br/>"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 <br/>"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works <br/>"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 <br/>"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 <br/>"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 <br/>"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB <br/>"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server <br/>"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 <br/>"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 
Icon Handler <br/>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools <br/>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool <br/>"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en <br/>"{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software <br/>"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT <br/>"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 <br/>"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 <br/>"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 <br/>"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models <br/>"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin <br/>"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar <br/>"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) <br/>"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) <br/>"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager <br/>"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 <br/>"{33F9F10F-3239-4F1A-ADD7-0E613967569A}_is1" = Aunsoft MTS Converter Ver 2.0.0.4206 <br/>"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help <br/>"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 <br/>"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player <br/>"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 <br/>"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 <br/>"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin <br/>"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker <br/>"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module <br/>"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.7 
<br/>"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 <br/>"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit <br/>"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets <br/>"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 <br/>"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support <br/>"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension <br/>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater <br/>"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 <br/>"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in <br/>"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update <br/>"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack <br/>"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer <br/>"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 <br/>"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs <br/>"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter <br/>"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 <br/>"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support <br/>"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection <br/>"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 <br/>"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail <br/>"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 <br/>"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support <br/>"{64DAD0A0-6380-99E6-B43E-F26F54AB92BC}" = CustomEffects Installer <br/>"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 <br/>"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module <br/>"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant <br/>"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content 
<br/>"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 <br/>"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD <br/>"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK <br/>"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller <br/>"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin <br/>"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.1 <br/>"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer <br/>"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress <br/>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable <br/>"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio <br/>"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 <br/>"{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager <br/>"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com <br/>"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update <br/>"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en <br/>"{799CB584-2DCE-48BB-924B-14B8778906B2}" = Fuze Meeting <br/>"{7B63B2922B174135AFC0E1377DD81EC2}" = <br/>"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files <br/>"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide <br/>"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer <br/>"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 <br/>"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module <br/>"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable <br/>"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 <br/>"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 <br/>"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime 
Native v1.0 (x86) <br/>"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player <br/>"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express <br/>"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard <br/>"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 <br/>"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) <br/>"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 <br/>"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 <br/>"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 <br/>"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 <br/>"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 <br/>"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 
Service Pack 2 (SP2) <br/>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 <br/>"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 <br/>"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 <br/>"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) <br/>"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system <br/>"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) 
<br/>"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 <br/>"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 <br/>"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 <br/>"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 
<br/>"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 <br/>"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) <br/>"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) <br/>"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 <br/>"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 <br/>"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 <br/>"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant <br/>"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 <br/>"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) <br/>"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector <br/>"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant <br/>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 <br/>"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium <br/>"{A657DCB7-18E8-2012-9FB0-23F29A908CF5}" = Axure RP Pro 6.5 <br/>"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 <br/>"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup <br/>"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch <br/>"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708 
<br/>"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0 <br/>"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 <br/>"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro <br/>"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 <br/>"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library <br/>"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter <br/>"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 <br/>"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content <br/>"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect <br/>"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 <br/>"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime <br/>"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy <br/>"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call <br/>"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 <br/>"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 <br/>"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay <br/>"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 <br/>"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module <br/>"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) <br/>"{BE9C28A5-2098-466E-9F52-1AE9DA155E4F}" = Adobe After Effects CS5.5 Third Party Content <br/>"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter <br/>"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter <br/>"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story <br/>"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries <br/>"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 <br/>"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari <br/>"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party 
Content <br/>"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5 <br/>"{CBE6AF35-F2DD-419A-AD45-97AA74CDF2AC}" = C5100n GDI Driver for Windows Vista 64 BIT <br/>"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw <br/>"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 <br/>"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 <br/>"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser <br/>"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 <br/>"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials <br/>"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 <br/>"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup <br/>"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE <br/>"{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1" = Pazera Free MKV to AVI Converter 1.1 <br/>"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby <br/>"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] <br/>"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help <br/>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver <br/>"{F1B6AE0B-E56F-4515-B540-3BD854FE5D64}" = Centrafuse <br/>"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement <br/>"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage <br/>"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform <br/>"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 <br/>"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery <br/>"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 <br/>"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 <br/>"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs <br/>"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All 
<br/>"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync <br/>"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 <br/>"ActiveTouchMeetingClient" = WebEx <br/>"Adobe AIR" = Adobe AIR <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX <br/>"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin <br/>"Adobe Shockwave Player" = Adobe Shockwave Player 11.5 <br/>"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection <br/>"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs <br/>"AIM_7" = AIM 7 <br/>"AndreaMosaic" = AndreaMosaic 3.33.0 <br/>"Avi to Dvd Free Converter_is1" = Avi to Dvd Free Converter v6.4.0.52 <br/>"Axure RP Pro 6.5" = Axure RP Pro 6.5 <br/>"BitTorrent" = BitTorrent <br/>"Canon RAW Codec" = Canon RAW Codec <br/>"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX <br/>"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool <br/>"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help <br/>"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story <br/>"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player <br/>"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant <br/>"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com <br/>"com.polygonstudio.customeffects.ceInstaller.17434B19500DCEA15121D78F39122290E9D66C71.1" = CustomEffects Installer <br/>"CrossFont" = CrossFont <br/>"Dell Photo Printer 720" = Dell Photo Printer 720 <br/>"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters <br/>"DivX Setup" = DivX Setup <br/>"DROPCLOCK_is1" = DROPCLOCK 1.0.1 <br/>"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05] <br/>"FileZilla Client" = FileZilla Client 3.5.2 <br/>"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix <br/>"HOMESTUDENTR" = Microsoft Office Home and Student 2007 <br/>"HTC_WModemDriver" = WModem 
Driver Installer
"ImgBurn" = ImgBurn
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MVApplication1" = Memorex exPressit Label Design Studio
"NirSoft SysExporter" = NirSoft SysExporter
"NSS" = Norton Security Scan
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registry Fix_is1" = RegistryFix v7.1
"Samsung ML-1660 Series" = Maintenance Samsung ML-1660 Series
"Sonique15" = Sonique
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare DVD Ripper Platinum_is1" = Wondershare DVD Ripper Platinum(Build 3.1.10)
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.6.1.1)
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.7.0.1172
"UnityWebPlayer" = Unity Web Player
"Viber" = Viber
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/15/2011 12:25:20 AM | Computer Name = Thanh-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2011 9:42:05 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/16/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/16/2011 9:42:03 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/17/2011 12:00:07 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/17/2011 12:27:06 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/17/2011 12:35:05 AM | Computer Name = Thanh-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/17/2011 9:41:59 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/18/2011 12:00:09 AM | Computer Name = Thanh-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Broadcom Wireless LAN Events ]
Error - 8/18/2013 9:13:42 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 21:13:42, Sun, Aug 18, 13 Error - Unable to gain access to user store

Error - 8/18/2013 9:28:16 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 21:28:15, Sun, Aug 18, 13 Error - Unable to gain access to user store

Error - 12/30/2013 1:07:50 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 12:07:18, Mon, Dec 30, 13 Error - Unable to gain access to user store

Error - 1/2/2014 11:52:17 PM | Computer Name = Thanh-PC | Source = WLAN-Tray | ID = 0
Description = 22:52:16, Thu, Jan 02, 14 Error - Unable to gain access to user store

[ OSession Events ]
Error - 1/16/2013 12:10:03 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 85270
 seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/4/2013 10:51:37 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20939
 seconds with 420 seconds of active time. This session ended with a crash.

Error - 2/28/2013 10:22:25 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 24645
 seconds with 480 seconds of active time. This session ended with a crash.

Error - 7/18/2013 12:17:51 PM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 37927
 seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:20:38 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77119
 seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:23:18 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:23:53 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:24:16 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:25:45 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/24/2013 11:25:45 AM | Computer Name = Thanh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/3/2014 1:07:05 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:07 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:10 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:13 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:16 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:18 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:21 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:24 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:07:27 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/3/2014 1:33:25 AM | Computer Name = Thanh-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >
Posted 1/4/2014 5:24 AM
#96390

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following text into the Custom Scan textbox.

:Services

:OTL
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes,DefaultScope = {6B96028B-FF75-4B7B-B9D8-08960900E0A6}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300196&CUI=UN10264570271957221&UM=2
IE - HKU\S-1-5-21-1315876244-2709806311-3956440418-1000\..\SearchScopes\{B1BDA88C-572F-447A-8CE1-7CA81F229114}: "URL" = http://www.gisly.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=XThhMHcJ
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN88772357139682570&ctid=CT3300196&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN88772357139682570&UM=2,
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

@Alternate Data Stream - 60 bytes -> C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO
@Alternate Data Stream - 288 bytes -> C:\ProgramData:iSpring Pro 5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:98781370 :Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

• Push Run Fix Button
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please download Adwcleaner ->

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

• Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right click on the adwCleaner.exe and select – Run as admin
• Click Delete.
• Everything that was found will be deleted.
• Save any open files and approve the reboot. A text file will open after the restart.

Next -
Junkware Removal Tool by thisisu

Download: http://www.bleepingcomputer.com/download/junkware-removal-tool/

Disable your Antivirus program if required
For Vista and Windows 7 right click on the tool and select run as administrator

After the scan is completed, post the generated log here.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/4/2014 7:06 PM
#96396

neo2000x Member

Date Joined Nov 2016
Total Posts: 4
Here are the logs. I have everything except the Adwcleaner log. I ran it in safe mode and then when I came back the PC appeared to be in normal windows mode. There were notepad logs on the screen but as soon as I clicked on them they closed. Not sure what happened, but looked like they were temporary files that got removed? I'll run Adwcleaner again and post later.

OTL Log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B96028B-FF75-4B7B-B9D8-08960900E0A6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1315876244-2709806311-3956440418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B1BDA88C-572F-447A-8CE1-7CA81F229114}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1BDA88C-572F-447A-8CE1-7CA81F229114}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe_ID0ENQBO deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS4ServiceManager deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
ADS C:\Users\Thanh\Desktop\PixelationEffectAS3.zip:AFP_AFPINFO deleted successfully.
ADS C:\ProgramData:iSpring Pro 5 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:98781370 :Reg .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Thanh
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1782669971 bytes
->Java cache emptied: 18708958 bytes
->FireFox cache emptied: 139892259 bytes
->Google Chrome cache emptied: 7779320 bytes
->Apple Safari cache emptied: 1759232 bytes
->Flash cache emptied: 3233736 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9202250 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87022693 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,955.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Thanh
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01042014_023816

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Junk Removal Tool Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Thanh on Sat 01/04/2014 at 13:00:30.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Thanh\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Thanh\appdata\local\cre"

~~~ FireFox

Emptied folder: C:\Users\Thanh\AppData\Roaming\mozilla\firefox\profiles\fxflq1vf.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/04/2014 at 13:03:55.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 1/4/2014 8:43 PM
#96397

neo2000x Member

Date Joined Nov 2016
Total Posts: 4
Adwcleaner Log:

# AdwCleaner v3.016 - Report created 04/01/2014 at 14:14:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Thanh - THANH-PC
# Running from : C:\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19170

-\\ Mozilla Firefox v3.6.25 (en-US)

[ File : C:\Users\Thanh\AppData\Roaming\Mozilla\Firefox\Profiles\fxflq1vf.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Thanh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2980 octets] - [04/01/2014 02:50:07]
AdwCleaner[R1].txt - [993 octets] - [04/01/2014 11:18:49]
AdwCleaner[R2].txt - [1113 octets] - [04/01/2014 14:07:32]
AdwCleaner[S0].txt - [2905 octets] - [04/01/2014 02:52:58]
AdwCleaner[S1].txt - [1053 octets] - [04/01/2014 11:51:00]
AdwCleaner[S2].txt - [1035 octets] - [04/01/2014 14:14:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1095 octets] ##########
Posted 1/5/2014 8:32 AM
#96400

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please run combofix - (allow it to update, if asked)

Post new combofix log, and tell how things are running?

Do not PM me with logfiles. They will be deleted.

