Please help - I believe I have a virus [Solved]


  • This topic is locked
24 replies to this topic

#1 tahaminey


Posted 20 September 2013 - 05:32 AM

Recently whenever I start my computer it loads and lets me log in but instead of taking me to my desktop, it just shows a black screen with my mouse which I can move around. When I hit the restart button, it then loads and lets me log on and most of the time it starts up normally and shows my desktop but today I am unable to do that. I am currently using safe mode.

I ran a scan using OTL. Below are the results of the OTL.Txt file and Extras.Txt file.


Here is the result of the OTL.Txt file:

OTL logfile created on: 9/20/2013 9:18:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KIEU\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

11.99 Gb Total Physical Memory | 10.77 Gb Available Physical Memory | 89.79% Memory free
23.98 Gb Paging File | 22.78 Gb Available in Paging File | 95.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574.97 Gb Total Space | 194.50 Gb Free Space | 33.83% Space Free | Partition Type: NTFS
Drive L: | 374.28 Gb Total Space | 41.81 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive M: | 151.19 Gb Total Space | 17.25 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive N: | 195.31 Gb Total Space | 62.48 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive O: | 58.59 Gb Total Space | 11.19 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
Drive P: | 39.06 Gb Total Space | 6.83 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

Computer Name: KIEU-PC | User Name: KIEU | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\KIEU\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sssdmdm) -- C:\Windows\SysNative\drivers\sssdmdm.sys (MCCI Corporation)
DRV:64bit: - (sssdmgmt) -- C:\Windows\SysNative\drivers\sssdmgmt.sys (MCCI Corporation)
DRV:64bit: - (sssdobex) -- C:\Windows\SysNative\drivers\sssdobex.sys (MCCI Corporation)
DRV:64bit: - (sssdbus) -- C:\Windows\SysNative\drivers\sssdbus.sys (MCCI Corporation)
DRV:64bit: - (sssdmdfl) -- C:\Windows\SysNative\drivers\sssdmdfl.sys (MCCI Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT2611275

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 58 C4 3E 99 3B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{02EB73B6-1491-490D-BEA7-CB41F7BE4A0E}: "URL" = http://websearch.ask...AE-E796DD27F2F0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE10SR
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...s...hTerms}&f=4
IE - HKCU\..\SearchScopes\{36BBC5EA-56CD-46C2-B93C-1A26BF380F71}: "URL" = http://au.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{A3E02CAC-AF9D-446B-BF46-9937649ABCD5}: "URL" = http://search.avg.co...m...y=&ychte=us
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130917
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120207-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5820539B-D2F8-11E1-8270-B8AC6F996F26}: C:\Users\KIEU\AppData\Local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}\ [2012/07/21 15:53:10 | 000,000,000 | ---D | M]

[2010/09/16 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Extensions
[2013/09/20 20:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions
[2013/09/20 20:39:54 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/09/08 23:35:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2013/09/10 23:35:53 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011/05/09 19:11:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\engine@conduit.com
[2013/08/26 23:35:43 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\foxyproxy@eric.h.jung
[2013/07/03 23:19:24 | 000,191,061 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\autoproxy@autoproxy.org.xpi
[2013/04/10 23:16:10 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\firefox@mega.co.nz.xpi
[2013/08/16 18:45:05 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/30 23:35:34 | 000,017,429 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/07/31 23:36:02 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\askcom.xml
[2011/08/14 14:54:24 | 000,000,933 | ---- | M] () -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\conduit.xml
[2011/03/05 22:06:25 | 000,002,055 | ---- | M] () -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\daemon-search.xml
[2013/08/17 18:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 18:31:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/12 07:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/03/05 23:15:08 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2013/07/03 19:23:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files (x86)\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B049B388-EC3F-4F08-8105-A4F74514B980}: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 21:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/12 00:49:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/12 00:49:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/12 00:49:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/12 00:49:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/12 00:49:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/12 00:49:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/12 00:49:22 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/12 00:49:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/12 00:49:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/12 00:49:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/12 00:49:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/12 00:49:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/12 00:49:19 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 20:37:01 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 20:36:59 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 20:36:58 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 20:36:58 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 20:36:58 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 20:36:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 20:36:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 20:36:58 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 20:36:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 20:36:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 20:36:57 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 20:36:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 20:36:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 20:36:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 20:36:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 20:36:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 20:36:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 20:36:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 20:36:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/20 21:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/20 21:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 21:10:28 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 20:49:14 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 20:49:14 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 20:46:33 | 000,719,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 20:46:33 | 000,623,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 20:46:33 | 000,108,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/16 00:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 18:48:17 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 22:05:13 | 000,116,618 | ---- | M] () -- C:\Users\KIEU\Documents\002.jpg
[2013/09/11 20:27:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 20:27:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 20:27:07 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\KIEU\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/08/28 00:15:39 | 000,000,000 | ---- | M] () -- C:\END
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/11 22:05:12 | 000,116,618 | ---- | C] () -- C:\Users\KIEU\Documents\002.jpg
[2013/03/13 20:41:05 | 000,000,042 | ---- | C] () -- C:\Users\KIEU\AppData\Roaming\mbam.context.scan
[2013/02/13 23:59:44 | 000,003,584 | ---- | C] () -- C:\Users\KIEU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/27 17:24:35 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/09/27 17:24:35 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2011/10/08 19:45:33 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/08 19:45:33 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/08 19:45:33 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/08 19:45:33 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/08 19:45:33 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/22 18:50:56 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/06/18 17:22:46 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

========== ZeroAccess Check ==========

[2011/11/17 16:41:18 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\L
[2012/09/25 22:14:01 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\U
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/01 00:26:01 | 000,000,000 | -H-D | M] -- C:\Users\KIEU\AppData\Roaming\8309D060
[2012/07/24 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Axiwoh
[2013/09/20 20:39:54 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Azureus
[2010/12/18 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\CheckPoint
[2012/08/18 16:01:19 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\DAEMON Tools Lite
[2012/09/28 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\FFSJ
[2012/08/18 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Free Download Manager
[2012/07/21 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Ipxysy
[2010/09/05 15:03:25 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Leadertech
[2010/09/05 15:09:15 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Memeo
[2012/06/09 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\MPEG Streamclip
[2012/08/10 19:47:37 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Okirax
[2012/09/27 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\OnlineArmor
[2011/09/30 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\PC Suite
[2012/07/24 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Rutipi
[2011/09/30 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Samsung
[2010/09/05 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Seagate
[2012/08/18 16:05:54 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Tuismy
[2010/09/29 22:47:48 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Ulead Systems
[2010/11/26 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\KIEU\AppData\Roaming\Western Digital

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/14 12:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/11 06:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 12:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 12:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 12:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 12:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/09/20 20:51:01 | 000,032,656 | ---- | M] () MD5=6E7DB3402AA84C53400E2CF303CA95D7 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2013/02/02 17:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2010/12/18 15:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2013/06/05 01:38:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[2011/02/24 15:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/08/20 15:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2012/11/16 13:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 17:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2011/06/21 16:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2011/02/24 16:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/04/05 07:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2011/12/16 18:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2013/04/05 10:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2011/12/16 19:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 15:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/08/20 15:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2012/08/25 03:10:38 | 000,672,872 | ---- | M] (Microsoft Corporation) MD5=C6E8F6DB0FD7B28924D1CBC8AE03ECEE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_1a8d72878bc04ef2\iexplore.exe
[2013/06/12 17:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013/06/05 01:38:24 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012/10/08 18:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2011/04/23 06:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2012/04/20 16:26:39 | 000,696,408 | ---- | M] (Microsoft Corporation) MD5=D889681C78E7BFE45587398AC42FC2D4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17006_none_0fbcf8683e3722f3\iexplore.exe
[2010/11/04 16:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2013/02/02 14:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2011/02/24 16:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 16:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2012/08/25 04:24:56 | 000,696,424 | ---- | M] (Microsoft Corporation) MD5=E3C361C85ADECFF3A485E4FE17859E0F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_1038c835575f8cf7\iexplore.exe
[2013/07/26 15:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/05/17 13:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013/01/09 10:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2012/02/28 16:56:21 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=EFCA1150F17BCE44357F03BB61A29966 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21158_none_1012862b577b8120\iexplore.exe
[2013/01/09 07:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2012/04/20 16:13:05 | 000,696,408 | ---- | M] (Microsoft Corporation) MD5=F293ACB373FD8F090E08F183C06E07ED -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21198_none_0fe7467b579bf0e4\iexplore.exe
[2009/07/14 11:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 21:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/14 12:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2011/04/23 05:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[2011/08/20 14:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
[2012/11/14 17:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2012/09/27 17:35:08 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/09/27 17:35:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/06/05 01:38:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/06/05 01:38:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/06/05 01:38:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/06/05 01:38:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: SERVICES >
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CNF >
[2010/08/23 19:33:32 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\KIEU\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 12:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 12:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2010/04/20 01:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: WINLOGON.ADML >
[2009/07/14 12:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/11 07:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 11:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 17:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 16:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 23:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 23:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 12:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/14 12:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 12:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013/08/28 00:15:39 | 000,000,000 | ---- | M] () -- C:\END
[2013/09/20 21:10:28 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 21:10:31 | 4285,718,526 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is 5C1F-CD37
Directory of C:\
14/07/2009 03:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 03:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 03:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 03:08 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 03:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 03:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 03:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 03:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 03:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 03:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 03:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 03:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 03:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 03:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 03:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 03:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 03:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\KIEU
14/08/2010 08:11 PM <JUNCTION> Application Data [C:\Users\KIEU\AppData\Roaming]
14/08/2010 08:11 PM <JUNCTION> Cookies [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Cookies]
14/08/2010 08:11 PM <JUNCTION> Local Settings [C:\Users\KIEU\AppData\Local]
14/08/2010 08:11 PM <JUNCTION> My Documents [C:\Users\KIEU\Documents]
14/08/2010 08:11 PM <JUNCTION> NetHood [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/08/2010 08:11 PM <JUNCTION> PrintHood [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/08/2010 08:11 PM <JUNCTION> Recent [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Recent]
14/08/2010 08:11 PM <JUNCTION> SendTo [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\SendTo]
14/08/2010 08:11 PM <JUNCTION> Start Menu [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Start Menu]
14/08/2010 08:11 PM <JUNCTION> Templates [C:\Users\KIEU\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\KIEU\AppData\Local
14/08/2010 08:11 PM <JUNCTION> Application Data [C:\Users\KIEU\AppData\Local]
14/08/2010 08:11 PM <JUNCTION> History [C:\Users\KIEU\AppData\Local\Microsoft\Windows\History]
14/08/2010 08:11 PM <JUNCTION> Temporary Internet Files [C:\Users\KIEU\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\KIEU\Documents
14/08/2010 08:11 PM <JUNCTION> My Music [C:\Users\KIEU\Music]
14/08/2010 08:11 PM <JUNCTION> My Pictures [C:\Users\KIEU\Pictures]
14/08/2010 08:11 PM <JUNCTION> My Videos [C:\Users\KIEU\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 03:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 03:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 03:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 208,810,741,760 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/03/12 14:30:32 | 000,774,144 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/09/27 17:40:05 | 000,000,221 | -HS- | M] () -- C:\Users\KIEU\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/05 00:11:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\KIEU\Desktop\esetsmartinstaller_enu.exe
[2013/09/20 21:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2012/03/04 23:50:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\KIEU\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



Here is the result of the Extras.Txt file:

OTL Extras logfile created on: 9/20/2013 9:18:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KIEU\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

11.99 Gb Total Physical Memory | 10.77 Gb Available Physical Memory | 89.79% Memory free
23.98 Gb Paging File | 22.78 Gb Available in Paging File | 95.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574.97 Gb Total Space | 194.50 Gb Free Space | 33.83% Space Free | Partition Type: NTFS
Drive L: | 374.28 Gb Total Space | 41.81 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive M: | 151.19 Gb Total Space | 17.25 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive N: | 195.31 Gb Total Space | 62.48 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive O: | 58.59 Gb Total Space | 11.19 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
Drive P: | 39.06 Gb Total Space | 6.83 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

Computer Name: KIEU-PC | User Name: KIEU | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{113DD4D5-8927-4896-9C6A-45BAFFF85792}" = rport=137 | protocol=17 | dir=out | app=system |
"{181AA02C-B74F-430A-A968-6887B145653F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18C96F84-BDC3-48E2-A57E-BEC60DF28AB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1BA60E50-F46B-48A8-8718-3BE1529D6FC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35792395-0F3B-4389-90A5-04057BA8C3AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E2E9E33-B190-42B4-8BD6-BFA0EE3F2041}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A5634DD-AAD3-4FA2-BDC4-BDE825089346}" = rport=139 | protocol=6 | dir=out | app=system |
"{566D7774-6466-46F6-B6CB-757DD6C61478}" = lport=445 | protocol=6 | dir=in | app=system |
"{5ADAFC0C-2ED9-4EDB-8737-E4310985D161}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65FD7539-AE0C-41B3-95A2-F4C347DC3A15}" = rport=445 | protocol=6 | dir=out | app=system |
"{68C8C9A2-21EE-4EBA-BC58-9A03BB6BC71A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D20009F-A65E-45F9-8C1A-7BF8D7B93FD7}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DF8FD1D-F0E3-49E1-8F62-FE31ED4EDBB1}" = lport=138 | protocol=17 | dir=in | app=system |
"{9426FCC9-12F0-4125-AF42-467FA8E5B2CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D4FFF3C-3010-4D7D-A76E-FAC8FC6DA736}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9F6A437-014C-4C65-BC2E-0068C9E948A5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C657A285-0603-4068-812C-45D1302DBDD7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CEA5B155-F473-43FA-A35A-72717D32E73D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAF611EB-4725-45A9-8CA3-6C4A08513237}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E440CB6E-8288-4771-938F-BADA612E8094}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAA85EC3-3B60-4E74-A0EB-D8D795E1BAB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095590A1-035A-4EAE-95F6-72BD1E2EBC24}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0A69EF47-7B97-496C-8507-7A890A843A12}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{0B0C6767-E923-4B50-BFDD-958BB9AA8F96}" = protocol=6 | dir=out | app=system |
"{1A8F33E1-D38B-4C85-9BCC-DAE76CFCE9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3064D66E-04FB-4EE7-8DBB-25BF458A5154}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{421171B6-0CF2-4748-BA14-E22E81F6C471}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{472A896E-B47D-4874-9857-7C4D5D2DF83C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3371A6-5909-4B90-A206-6E3B454660CF}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{4EEA8771-4B85-40E0-9384-02ACDDC3F8E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FA65F22-CBF6-49BE-AFFD-BF2A987193E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56E6395B-0C63-40D7-9F8D-8011750DD4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{65C8CB71-9EAF-4EC7-99F5-4472A1D166DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F527B75-1832-44AF-887E-ADB04E845011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7210AE84-8AE6-4ED2-9A9C-56E08476A190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8122DF35-CE7D-4AF0-B6D1-DDAB99FD3B45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{85973FE0-3707-4DD3-B991-E499682A5D99}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{87CD1CBA-9AF2-4E66-89FB-C2CC25F2BDE8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A84FA275-9B0D-4EE5-8A95-FAE925B53848}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC8BF9FB-57AC-41A0-BFD6-5E49AB5135C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF48B19A-39F4-4CF6-8BD7-3255012A9105}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC097569-D81F-459D-9D1C-FA8D5746683F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE38B2A3-8F36-4AA4-8ED4-1C5C81A37914}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BED66DD6-3CE4-408A-A2F5-F8055CA768CE}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C0C39B00-2479-47C1-A569-534D295A489D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C51A7667-D1C2-4A44-8C47-B0AD44A17BDB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CA22FA6B-1766-43C3-AA6A-2BEC3F3C24AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D428F14D-5385-41DB-9C6B-B3654B8F21B4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E0F3AB83-4EFB-461D-8AF1-B37312EB1C66}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{EE7CD366-10CC-467A-A1D5-314A988F4FBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0514181-F700-466B-8F09-AD12759C23EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F415EF71-6108-4D98-A096-07A8D18168D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7B75BD8-D2CA-4D12-95A6-688A175FF0A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFFD727C-11F3-49B1-95BF-62128DF9A39A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4C3D6F06-BF5D-40A3-B18D-C40392F4B81F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{525D8D35-EDFD-49E3-8A4C-09AA73F7065E}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{AA12984E-77A1-48F3-BEC5-614B51827FD6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BA9655E5-83A7-4D31-8BEE-C55095BC7A57}C:\program files (x86)\smartftp\smartftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartftp\smartftp.exe |
"TCP Query User{C5BA0805-8F04-4E65-99D5-7CA8C858A497}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D4B5F905-3CA2-4CB1-9CD7-C1FA58510D2E}C:\program files (x86)\gridservice\peer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"TCP Query User{E8707F03-7FAE-47B9-A2B7-B27C90A892A2}C:\program files (x86)\gridservice\peer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"UDP Query User{651580B3-0DF8-48E4-8B66-5CDDD3462E5A}C:\program files (x86)\gridservice\peer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"UDP Query User{6C7B7C99-9DE0-4842-969E-F3280D3787C3}C:\program files (x86)\gridservice\peer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"UDP Query User{7C3DADD4-8C7A-4945-AA1D-3D3CAD7D5595}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{914CD0C7-9060-4C7C-BCB4-2C4F8F403FD7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A928129E-DD4C-43D2-982A-BCB4D5F163FD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{CF7015F5-3267-4727-A9AC-ED1E5C0DF50E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F576D7D0-B0ED-4CD6-A4CF-480A7B0DD4BC}C:\program files (x86)\smartftp\smartftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartftp\smartftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4449B83C-1257-4355-8F3E-71280E922B5F}" = Intel® Network Connections 14.7.31.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B36AB323-9849-4486-AB8F-93E64A06E716}" = WD SmartWare
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel® Network Connections 14.7.31.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB TV Device Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59f85eda-819e-446d-8ed8-e010be07ba65}" = Nero 9 Essentials
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{996F79F5-2ABF-4B9D-A0C0-ACD046AA8008}" = ArcSoft ShowBiz DVD 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Debut" = Debut Video Capture Software
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.70
"Free Download Manager_is1" = Free Download Manager 3.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Giraffic" = Veoh Giraffic Video Accelerator
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MKV Cutter_is1" = MKV Cutter 1.0
"Mozilla Firefox 23.0.1 (x86 en-GB)" = Mozilla Firefox 23.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG Cutter_is1" = MPEG Cutter 1.0
"OnlineArmor_is1" = Online Armor 5.5
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RaySource" = RaySource 2.1.10.8366
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Veoh Web Player Beta" = Veoh Web Player
"VOB Cutter_is1" = VOB Cutter 1.0
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2012 6:15:10 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 2/14/2012 6:16:11 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/14/2012 6:16:18 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/15/2012 3:34:56 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Western
Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/15/2012 6:35:09 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Western
Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/16/2012 3:42:41 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Western
Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/16/2012 5:50:49 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 2/16/2012 5:51:52 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/16/2012 5:52:05 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/17/2012 3:48:36 AM | Computer Name = KIEU-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Western
Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 9/20/2013 7:11:12 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:12 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:12 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:13 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:13 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:13 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:13 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:13 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/20/2013 7:11:14 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2013 7:11:14 AM | Computer Name = KIEU-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >



#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 September 2013 - 02:34 PM

Hi tahaminey,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 & 8 users:

These tools MUST be run from the executable (.exe) with Admin Rights every time you run them (right-click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

=========================

Does the computer boot in Normal Mode? If so run these tools in Normal Mode, not Safe Mode.


=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • aswMBR.txt
  • attach MBR.zip
  • AdwCleaner.txt
  • JRT.txt
  • OTL.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 tahaminey

Posted 22 September 2013 - 01:05 AM

Hi OCD,

After completing all scans listed, I restarted my computer and this time my desktop did show up after I logged in. Before, I would only get a black screen, and I would then have to go to Task Manager and run explorer.exe from there. I still don't know why this happened. Was it a virus after all?

Here are the results of the scans.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-22 15:28:30
-----------------------------
15:28:30.357 OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:30.357 Number of processors: 8 586 0x1A05
15:28:30.358 ComputerName: KIEU-PC UserName: KIEU
15:28:36.569 Initialize success
15:41:59.272 AVAST engine defs: 13092101
15:44:41.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:44:41.310 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
15:44:41.403 Disk 0 MBR read successfully
15:44:41.403 Disk 0 MBR scan
15:44:41.434 Disk 0 Windows 7 default MBR code
15:44:41.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2504 MB offset 2048
15:44:41.481 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 588764 MB offset 7680960
15:44:41.497 Disk 0 Partition - 00 0F Extended LBA 838283 MB offset 1213470720
15:44:41.528 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 383263 MB offset 1213470783
15:44:41.544 Disk 0 Partition - 00 05 Extended 154817 MB offset 1998410393
15:44:41.575 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 154817 MB offset 1998410456
15:44:41.590 Disk 0 Partition - 00 05 Extended 199999 MB offset 3100815962
15:44:41.606 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 199999 MB offset 2315876352
15:44:41.637 Disk 0 Partition - 00 05 Extended 59999 MB offset 3827881858
15:44:41.653 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 59999 MB offset 2725476352
15:44:41.684 Disk 0 Partition - 00 05 Extended 39999 MB offset 4360361858
15:44:41.700 Disk 0 Partition 7 00 07 HPFS/NTFS NTFS 39999 MB offset 2848356352
15:44:41.793 Disk 0 scanning C:\Windows\system32\drivers
15:44:54.367 Service scanning
15:45:23.555 Modules scanning
15:45:23.555 Disk 0 trace - called modules:
15:45:23.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:45:23.570 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b3b4790]
15:45:23.570 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> [0xfffffa800b186580]
15:45:23.570 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800b17d060]
15:45:27.408 AVAST engine scan C:\Windows
15:45:30.793 AVAST engine scan C:\Windows\system32
15:49:02.283 AVAST engine scan C:\Windows\system32\drivers
15:49:16.993 AVAST engine scan C:\Users\KIEU
15:58:37.908 AVAST engine scan C:\ProgramData
16:00:48.979 Scan finished successfully
16:02:38.476 Disk 0 MBR has been saved successfully to "C:\Users\KIEU\Desktop\MBR.dat"
16:02:38.507 The log file has been saved successfully to "C:\Users\KIEU\Desktop\aswMBR.txt"



# AdwCleaner v3.004 - Report created 22/09/2013 at 16:08:15
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : KIEU - KIEU-PC
# Running from : C:\Users\KIEU\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\FreeRIP3
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files (x86)\ZoneAlarm
Folder Deleted : C:\Users\KIEU\AppData\Local\Conduit
Folder Deleted : C:\Users\KIEU\AppData\Local\Temp\CT2504091
Folder Deleted : C:\Users\KIEU\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\KIEU\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\KIEU\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\KIEU\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\KIEU\AppData\LocalLow\ZoneAlarm
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Conduit
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\ConduitCommon
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\ConduitEngine
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\CT2504091
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\CT2653012
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\Extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
File Deleted : C:\END
File Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\Askcom.xml
File Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\Conduit.xml
File Deleted : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\searchplugins\daemon-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader17558_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader17558_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pc-wizard_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pc-wizard_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28BC67A7-CEE9-4951-AEB3-D7251D534210}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{28BC67A7-CEE9-4951-AEB3-D7251D534210}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0EC5EFF-0BE7-4378-8262-B33719C8FA58}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC9C002C-C89C-41D9-AB89-E1CDF31868FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Software\ZoneAlarm
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\Software\ZoneAlarm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2653012&octid=CT2653012", "\"1313942438\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equalizer_dead.gif", "\"0678fe477ac91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimize.gif", "\"046c7ab477ac91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gif", "\"0484de117c4c91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gif", "\"0e7a152347ac91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif", "\"087c778347ac91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634492029952000000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\KIEU\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\4z6f4a15.default\\conduitCommon\\modules\\3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,ConduitEngine,CT2653012");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,CT2653012");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 19:11:41 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 22:33:34 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 20:15:38 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "dc59582e-026a-4749-a5b7-314e9cec1e72");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "a1a8a2c4-3cb8-4c9c-9fce-049e9aab6989");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 29 2011 19:14:43 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 29 2011 19:14:40 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "e3897a6b-e254-49a7-8cea-ab2b27e33512");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 04 2011 17:42:39 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 19:29:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "05/09/2011 12");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon May 09 2011 21:27:58 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 25 2011 00:00:13 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jun 24 2011 22:06:24 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jun 24 2011 22:06:23 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN12740266571241843");
Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-GB");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 25 2011 00:00:13 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 23:06:24 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Line Deleted : user_pref("browser.search.defaultenginename", "Veoh Web Player Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddr");
Line Deleted : user_pref("extensions.facemoods.firstRun", false);
Line Deleted : user_pref("extensions.facemoods.lastActv", "6");

*************************

AdwCleaner[R0].txt - [34555 octets] - [22/09/2013 16:05:11]
AdwCleaner[S0].txt - [34388 octets] - [22/09/2013 16:08:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34449 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by KIEU on Sun 22/09/2013 at 16:18:28.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02EB73B6-1491-490D-BEA7-CB41F7BE4A0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A3E02CAC-AF9D-446B-BF46-9937649ABCD5}



~~~ Files

Successfully deleted: [File] C:\Users\KIEU\appdata\local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\KIEU\appdata\local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}
Successfully deleted: [Folder] C:\Users\KIEU\appdata\local\{5820539B-D2F8-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Users\KIEU\AppData\Roaming\mozilla\firefox\profiles\4z6f4a15.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 22/09/2013 at 16:42:29.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 9/22/2013 4:43:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KIEU\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

11.99 Gb Total Physical Memory | 9.98 Gb Available Physical Memory | 83.27% Memory free
23.98 Gb Paging File | 21.79 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574.97 Gb Total Space | 192.75 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive L: | 374.28 Gb Total Space | 41.80 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive M: | 151.19 Gb Total Space | 17.25 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive N: | 195.31 Gb Total Space | 62.48 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive O: | 58.59 Gb Total Space | 11.21 Gb Free Space | 19.13% Space Free | Partition Type: NTFS
Drive P: | 39.06 Gb Total Space | 6.85 Gb Free Space | 17.55% Space Free | Partition Type: NTFS

Computer Name: KIEU-PC | User Name: KIEU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\KIEU\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\GridService\peer.exe (FS2YOU)
PRC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sssdmdm) -- C:\Windows\SysNative\drivers\sssdmdm.sys (MCCI Corporation)
DRV:64bit: - (sssdmgmt) -- C:\Windows\SysNative\drivers\sssdmgmt.sys (MCCI Corporation)
DRV:64bit: - (sssdobex) -- C:\Windows\SysNative\drivers\sssdobex.sys (MCCI Corporation)
DRV:64bit: - (sssdbus) -- C:\Windows\SysNative\drivers\sssdbus.sys (MCCI Corporation)
DRV:64bit: - (sssdmdfl) -- C:\Windows\SysNative\drivers\sssdmdfl.sys (MCCI Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 58 C4 3E 99 3B CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE10SR
IE - HKCU\..\SearchScopes\{36BBC5EA-56CD-46C2-B93C-1A26BF380F71}: "URL" = http://au.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130917
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120207-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5820539B-D2F8-11E1-8270-B8AC6F996F26}: C:\Users\KIEU\AppData\Local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}\

[2010/09/16 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Extensions
[2013/09/22 16:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions
[2013/09/20 20:39:54 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/26 23:35:43 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\foxyproxy@eric.h.jung
[2013/07/03 23:19:24 | 000,191,061 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\autoproxy@autoproxy.org.xpi
[2013/04/10 23:16:10 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\firefox@mega.co.nz.xpi
[2013/09/22 15:25:25 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/30 23:35:34 | 000,017,429 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/07/31 23:36:02 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 18:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 18:31:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/12 07:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/03/05 23:15:08 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2013/07/03 19:23:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files (x86)\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B049B388-EC3F-4F08-8105-A4F74514B980}: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 16:18:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/22 16:14:57 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\KIEU\Desktop\JRT.exe
[2013/09/22 16:04:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/22 15:27:39 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\KIEU\Desktop\aswMBR.exe
[2013/09/20 21:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/12 00:49:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/12 00:49:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/12 00:49:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/12 00:49:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/12 00:49:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/12 00:49:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/12 00:49:22 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/12 00:49:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/12 00:49:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/12 00:49:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/12 00:49:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/12 00:49:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/12 00:49:19 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 20:37:01 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 20:36:59 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 20:36:58 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 20:36:58 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 20:36:58 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 20:36:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 20:36:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 20:36:58 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 20:36:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 20:36:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 20:36:57 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 20:36:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 20:36:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 20:36:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 20:36:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 20:36:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 20:36:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 20:36:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 20:36:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 16:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 16:21:15 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 16:21:15 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 16:15:04 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\KIEU\Desktop\JRT.exe
[2013/09/22 16:10:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 16:09:43 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 16:04:27 | 001,039,554 | ---- | M] () -- C:\Users\KIEU\Desktop\AdwCleaner.exe
[2013/09/22 16:03:13 | 000,000,572 | ---- | M] () -- C:\Users\KIEU\Desktop\MBR.zip
[2013/09/22 16:02:38 | 000,000,512 | ---- | M] () -- C:\Users\KIEU\Desktop\MBR.dat
[2013/09/22 15:28:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\KIEU\Desktop\aswMBR.exe
[2013/09/20 21:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/20 20:46:33 | 000,719,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 20:46:33 | 000,623,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 20:46:33 | 000,108,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/12 18:48:17 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 22:05:13 | 000,116,618 | ---- | M] () -- C:\Users\KIEU\Documents\002.jpg
[2013/09/11 20:27:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 20:27:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 20:27:07 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\KIEU\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/22 16:04:06 | 001,039,554 | ---- | C] () -- C:\Users\KIEU\Desktop\AdwCleaner.exe
[2013/09/22 16:03:13 | 000,000,572 | ---- | C] () -- C:\Users\KIEU\Desktop\MBR.zip
[2013/09/22 16:02:38 | 000,000,512 | ---- | C] () -- C:\Users\KIEU\Desktop\MBR.dat
[2013/09/11 22:05:12 | 000,116,618 | ---- | C] () -- C:\Users\KIEU\Documents\002.jpg
[2013/03/13 20:41:05 | 000,000,042 | ---- | C] () -- C:\Users\KIEU\AppData\Roaming\mbam.context.scan
[2013/02/13 23:59:44 | 000,003,584 | ---- | C] () -- C:\Users\KIEU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/27 17:24:35 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/09/27 17:24:35 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2011/10/08 19:45:33 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/08 19:45:33 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/08 19:45:33 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/08 19:45:33 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/08 19:45:33 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/18 17:22:46 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

========== ZeroAccess Check ==========

[2011/11/17 16:41:18 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\L
[2012/09/25 22:14:01 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\U
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Attached Files

  • Attached File  MBR.zip   572bytes   231 downloads


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 September 2013 - 01:49 AM

Hi tahaminey,

TDSSKiller

Please download TDSSKiller.zip - Extract it to your desktop
  • TDSSKiller.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    
    :Files
    C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
=========================

In your next post please provide the following:
  • TDSSKiller.txt
  • Fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#5 tahaminey

tahaminey

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 22 September 2013 - 04:09 AM

Hi OCD,

After running TDSSKiller.exe and rebooting, the black screen happened again. I had difficulty getting back in. Had to restart so many times but after logging in it kept showing a black screen instead of my desktop. I had to go to task manager and end explorer.exe processor and run it again but it only worked after several times. I was about to pull my hair out at one stage staring at the black screen. I'm afraid if I reboot again the same thing will happen. It doesn't load my desktop after login.

I also just noticed that on my desktop there is an icon that says desktop.ini which was never there before. The icon is kind of see-through unlike the other normal icons. I don't know how long it has been there for.




19:03:24.0565 1960 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:03:26.0079 1960 ============================================================
19:03:26.0079 1960 Current date / time: 2013/09/22 19:03:26.0079
19:03:26.0079 1960 SystemInfo:
19:03:26.0079 1960
19:03:26.0079 1960 OS Version: 6.1.7601 ServicePack: 1.0
19:03:26.0079 1960 Product type: Workstation
19:03:26.0079 1960 ComputerName: KIEU-PC
19:03:26.0079 1960 UserName: KIEU
19:03:26.0079 1960 Windows directory: C:\Windows
19:03:26.0079 1960 System windows directory: C:\Windows
19:03:26.0079 1960 Running under WOW64
19:03:26.0079 1960 Processor architecture: Intel x64
19:03:26.0079 1960 Number of processors: 8
19:03:26.0079 1960 Page size: 0x1000
19:03:26.0079 1960 Boot type: Normal boot
19:03:26.0079 1960 ============================================================
19:03:33.0386 1960 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:03:33.0412 1960 ============================================================
19:03:33.0412 1960 \Device\Harddisk0\DR0:
19:03:33.0412 1960 MBR partitions:
19:03:33.0412 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4E4000
19:03:33.0412 1960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7533C0, BlocksNum 0x47DEE440
19:03:33.0428 1960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4854183F, BlocksNum 0x2EC8FF51
19:03:33.0441 1960 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x771D52D8, BlocksNum 0x12E60C68
19:03:33.0452 1960 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x8A097800, BlocksNum 0x1869F800
19:03:33.0462 1960 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0xA2737800, BlocksNum 0x752F800
19:03:33.0468 1960 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0xA9C67800, BlocksNum 0x4E1F800
19:03:33.0468 1960 ============================================================
19:03:33.0513 1960 N: <-> \Device\Harddisk0\DR0\Partition5
19:03:33.0547 1960 O: <-> \Device\Harddisk0\DR0\Partition6
19:03:33.0616 1960 P: <-> \Device\Harddisk0\DR0\Partition7
19:03:33.0659 1960 M: <-> \Device\Harddisk0\DR0\Partition4
19:03:33.0702 1960 C: <-> \Device\Harddisk0\DR0\Partition2
19:03:33.0717 1960 L: <-> \Device\Harddisk0\DR0\Partition3
19:03:33.0717 1960 ============================================================
19:03:33.0718 1960 Initialize success
19:03:33.0718 1960 ============================================================
19:03:40.0150 5920 ============================================================
19:03:40.0150 5920 Scan started
19:03:40.0150 5920 Mode: Manual;
19:03:40.0150 5920 ============================================================
19:03:40.0671 5920 ================ Scan system memory ========================
19:03:40.0671 5920 System memory - ok
19:03:40.0671 5920 ================ Scan services =============================
19:03:40.0773 5920 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:03:40.0775 5920 1394ohci - ok
19:03:40.0814 5920 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:03:40.0815 5920 ACPI - ok
19:03:40.0840 5920 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:03:40.0842 5920 AcpiPmi - ok
19:03:40.0945 5920 [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:40.0946 5920 AdobeFlashPlayerUpdateSvc - ok
19:03:40.0989 5920 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:03:40.0994 5920 adp94xx - ok
19:03:41.0023 5920 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:03:41.0027 5920 adpahci - ok
19:03:41.0043 5920 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:03:41.0046 5920 adpu320 - ok
19:03:41.0063 5920 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:03:41.0068 5920 AeLookupSvc - ok
19:03:41.0092 5920 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
19:03:41.0092 5920 Afc - ok
19:03:41.0136 5920 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:03:41.0138 5920 AFD - ok
19:03:41.0169 5920 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:03:41.0171 5920 agp440 - ok
19:03:41.0178 5920 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:03:41.0180 5920 ALG - ok
19:03:41.0200 5920 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:03:41.0207 5920 aliide - ok
19:03:41.0230 5920 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:03:41.0231 5920 AMD External Events Utility - ok
19:03:41.0248 5920 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:03:41.0255 5920 amdide - ok
19:03:41.0282 5920 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:03:41.0285 5920 AmdK8 - ok
19:03:41.0441 5920 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:41.0560 5920 amdkmdag - ok
19:03:41.0583 5920 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:03:41.0585 5920 amdkmdap - ok
19:03:41.0598 5920 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:03:41.0600 5920 AmdPPM - ok
19:03:41.0612 5920 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:03:41.0614 5920 amdsata - ok
19:03:41.0635 5920 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:03:41.0638 5920 amdsbs - ok
19:03:41.0646 5920 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:03:41.0646 5920 amdxata - ok
19:03:41.0677 5920 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:03:41.0679 5920 AppID - ok
19:03:41.0701 5920 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:03:41.0702 5920 AppIDSvc - ok
19:03:41.0738 5920 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:03:41.0740 5920 Appinfo - ok
19:03:41.0823 5920 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:03:41.0824 5920 Apple Mobile Device - ok
19:03:41.0851 5920 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:03:41.0853 5920 arc - ok
19:03:41.0863 5920 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:03:41.0865 5920 arcsas - ok
19:03:41.0868 5920 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:41.0869 5920 AsyncMac - ok
19:03:41.0889 5920 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:03:41.0889 5920 atapi - ok
19:03:41.0908 5920 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:03:41.0909 5920 AtiHDAudioService - ok
19:03:42.0040 5920 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:42.0078 5920 atikmdag - ok
19:03:42.0125 5920 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:03:42.0132 5920 AudioEndpointBuilder - ok
19:03:42.0140 5920 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:03:42.0143 5920 AudioSrv - ok
19:03:42.0186 5920 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:03:42.0189 5920 AxInstSV - ok
19:03:42.0208 5920 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:03:42.0213 5920 b06bdrv - ok
19:03:42.0234 5920 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:03:42.0238 5920 b57nd60a - ok
19:03:42.0252 5920 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:03:42.0254 5920 BDESVC - ok
19:03:42.0262 5920 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:03:42.0263 5920 Beep - ok
19:03:42.0309 5920 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:03:42.0316 5920 BFE - ok
19:03:42.0360 5920 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:03:42.0369 5920 BITS - ok
19:03:42.0382 5920 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:03:42.0383 5920 blbdrive - ok
19:03:42.0431 5920 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:03:42.0433 5920 Bonjour Service - ok
19:03:42.0454 5920 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:03:42.0456 5920 bowser - ok
19:03:42.0479 5920 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:03:42.0481 5920 BrFiltLo - ok
19:03:42.0499 5920 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:03:42.0500 5920 BrFiltUp - ok
19:03:42.0509 5920 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:03:42.0511 5920 BridgeMP - ok
19:03:42.0544 5920 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:03:42.0546 5920 Browser - ok
19:03:42.0558 5920 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:03:42.0561 5920 Brserid - ok
19:03:42.0574 5920 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:42.0575 5920 BrSerWdm - ok
19:03:42.0585 5920 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:42.0586 5920 BrUsbMdm - ok
19:03:42.0598 5920 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:42.0599 5920 BrUsbSer - ok
19:03:42.0607 5920 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:03:42.0609 5920 BTHMODEM - ok
19:03:42.0622 5920 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:03:42.0625 5920 bthserv - ok
19:03:42.0674 5920 [ 1778EBA872274C1226D869CD9486847E ] Capture Device Service C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
19:03:42.0675 5920 Capture Device Service - ok
19:03:42.0695 5920 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:03:42.0697 5920 cdfs - ok
19:03:42.0736 5920 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:03:42.0737 5920 cdrom - ok
19:03:42.0773 5920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:03:42.0776 5920 CertPropSvc - ok
19:03:42.0788 5920 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:03:42.0790 5920 circlass - ok
19:03:42.0807 5920 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:03:42.0809 5920 CLFS - ok
19:03:42.0869 5920 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:42.0871 5920 clr_optimization_v2.0.50727_32 - ok
19:03:42.0908 5920 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:42.0910 5920 clr_optimization_v2.0.50727_64 - ok
19:03:43.0091 5920 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:43.0092 5920 clr_optimization_v4.0.30319_32 - ok
19:03:43.0185 5920 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:43.0186 5920 clr_optimization_v4.0.30319_64 - ok
19:03:43.0194 5920 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:43.0195 5920 CmBatt - ok
19:03:43.0216 5920 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:03:43.0230 5920 cmdide - ok
19:03:43.0262 5920 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:03:43.0264 5920 CNG - ok
19:03:43.0277 5920 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:03:43.0279 5920 Compbatt - ok
19:03:43.0291 5920 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:03:43.0292 5920 CompositeBus - ok
19:03:43.0295 5920 COMSysApp - ok
19:03:43.0320 5920 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
19:03:43.0321 5920 cpuz134 - ok
19:03:43.0346 5920 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:03:43.0347 5920 crcdisk - ok
19:03:43.0382 5920 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:03:43.0402 5920 CryptSvc - ok
19:03:43.0437 5920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:03:43.0443 5920 DcomLaunch - ok
19:03:43.0465 5920 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:03:43.0468 5920 defragsvc - ok
19:03:43.0485 5920 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:03:43.0486 5920 DfsC - ok
19:03:43.0509 5920 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:03:43.0513 5920 Dhcp - ok
19:03:43.0538 5920 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:03:43.0538 5920 discache - ok
19:03:43.0571 5920 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:03:43.0571 5920 Disk - ok
19:03:43.0602 5920 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:03:43.0604 5920 Dnscache - ok
19:03:43.0638 5920 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:03:43.0642 5920 dot3svc - ok
19:03:43.0675 5920 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:03:43.0678 5920 DPS - ok
19:03:43.0704 5920 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:03:43.0705 5920 drmkaud - ok
19:03:43.0753 5920 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:03:43.0758 5920 DXGKrnl - ok
19:03:43.0789 5920 [ 52A482DC61F24B498C8268866B90BB44 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
19:03:43.0793 5920 e1kexpress - ok
19:03:43.0820 5920 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:03:43.0823 5920 EapHost - ok
19:03:43.0872 5920 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:03:43.0915 5920 ebdrv - ok
19:03:43.0940 5920 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:03:43.0941 5920 EFS - ok
19:03:44.0008 5920 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:03:44.0015 5920 ehRecvr - ok
19:03:44.0036 5920 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:03:44.0038 5920 ehSched - ok
19:03:44.0085 5920 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:03:44.0091 5920 elxstor - ok
19:03:44.0128 5920 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
19:03:44.0138 5920 epmntdrv - ok
19:03:44.0169 5920 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:03:44.0170 5920 ErrDev - ok
19:03:44.0212 5920 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
19:03:44.0221 5920 EuGdiDrv - ok
19:03:44.0239 5920 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:03:44.0243 5920 EventSystem - ok
19:03:44.0252 5920 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:03:44.0254 5920 exfat - ok
19:03:44.0268 5920 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:03:44.0271 5920 fastfat - ok
19:03:44.0291 5920 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:03:44.0298 5920 Fax - ok
19:03:44.0306 5920 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:03:44.0309 5920 fdc - ok
19:03:44.0320 5920 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:03:44.0322 5920 fdPHost - ok
19:03:44.0336 5920 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:03:44.0338 5920 FDResPub - ok
19:03:44.0348 5920 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:03:44.0349 5920 FileInfo - ok
19:03:44.0359 5920 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:03:44.0361 5920 Filetrace - ok
19:03:44.0369 5920 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:44.0370 5920 flpydisk - ok
19:03:44.0381 5920 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:03:44.0382 5920 FltMgr - ok
19:03:44.0424 5920 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:03:44.0441 5920 FontCache - ok
19:03:44.0490 5920 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:44.0492 5920 FontCache3.0.0.0 - ok
19:03:44.0506 5920 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:03:44.0508 5920 FsDepends - ok
19:03:44.0541 5920 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:03:44.0541 5920 Fs_Rec - ok
19:03:44.0572 5920 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:03:44.0573 5920 fvevol - ok
19:03:44.0597 5920 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:44.0600 5920 gagp30kx - ok
19:03:44.0647 5920 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:44.0647 5920 GEARAspiWDM - ok
19:03:44.0705 5920 Giraffic - ok
19:03:44.0722 5920 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:03:44.0729 5920 gpsvc - ok
19:03:44.0740 5920 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:03:44.0742 5920 hcw85cir - ok
19:03:44.0770 5920 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:44.0774 5920 HdAudAddService - ok
19:03:44.0795 5920 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:03:44.0797 5920 HDAudBus - ok
19:03:44.0825 5920 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:03:44.0827 5920 HECIx64 - ok
19:03:44.0834 5920 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:44.0835 5920 HidBatt - ok
19:03:44.0849 5920 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:03:44.0852 5920 HidBth - ok
19:03:44.0866 5920 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:03:44.0868 5920 HidIr - ok
19:03:44.0892 5920 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:03:44.0893 5920 hidserv - ok
19:03:44.0924 5920 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:03:44.0925 5920 HidUsb - ok
19:03:44.0955 5920 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:03:44.0958 5920 hkmsvc - ok
19:03:44.0993 5920 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:44.0996 5920 HomeGroupListener - ok
19:03:45.0013 5920 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:45.0016 5920 HomeGroupProvider - ok
19:03:45.0067 5920 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:03:45.0071 5920 HpSAMD - ok
19:03:45.0102 5920 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:03:45.0109 5920 HTTP - ok
19:03:45.0139 5920 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:03:45.0140 5920 hwpolicy - ok
19:03:45.0153 5920 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:03:45.0156 5920 i8042prt - ok
19:03:45.0168 5920 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:03:45.0172 5920 iaStorV - ok
19:03:45.0199 5920 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:45.0209 5920 idsvc - ok
19:03:45.0220 5920 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:03:45.0222 5920 iirsp - ok
19:03:45.0243 5920 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:03:45.0252 5920 IKEEXT - ok
19:03:45.0257 5920 IntcAzAudAddService - ok
19:03:45.0287 5920 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:03:45.0316 5920 intelide - ok
19:03:45.0339 5920 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:03:45.0339 5920 intelppm - ok
19:03:45.0361 5920 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:03:45.0364 5920 IPBusEnum - ok
19:03:45.0372 5920 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:45.0374 5920 IpFilterDriver - ok
19:03:45.0407 5920 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:03:45.0413 5920 iphlpsvc - ok
19:03:45.0428 5920 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:03:45.0430 5920 IPMIDRV - ok
19:03:45.0440 5920 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:03:45.0442 5920 IPNAT - ok
19:03:45.0507 5920 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:03:45.0510 5920 iPod Service - ok
19:03:45.0521 5920 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:03:45.0522 5920 IRENUM - ok
19:03:45.0534 5920 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:03:45.0536 5920 isapnp - ok
19:03:45.0553 5920 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:03:45.0556 5920 iScsiPrt - ok
19:03:45.0574 5920 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:03:45.0574 5920 kbdclass - ok
19:03:45.0586 5920 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:03:45.0588 5920 kbdhid - ok
19:03:45.0598 5920 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:03:45.0599 5920 KeyIso - ok
19:03:45.0624 5920 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:03:45.0625 5920 KSecDD - ok
19:03:45.0650 5920 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:03:45.0651 5920 KSecPkg - ok
19:03:45.0660 5920 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:03:45.0662 5920 ksthunk - ok
19:03:45.0681 5920 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:03:45.0685 5920 KtmRm - ok
19:03:45.0703 5920 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:03:45.0706 5920 LanmanServer - ok
19:03:45.0717 5920 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:45.0721 5920 LanmanWorkstation - ok
19:03:45.0736 5920 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:03:45.0737 5920 lltdio - ok
19:03:45.0749 5920 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:03:45.0753 5920 lltdsvc - ok
19:03:45.0764 5920 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:03:45.0766 5920 lmhosts - ok
19:03:45.0786 5920 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:03:45.0789 5920 LSI_FC - ok
19:03:45.0814 5920 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:03:45.0816 5920 LSI_SAS - ok
19:03:45.0839 5920 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:03:45.0841 5920 LSI_SAS2 - ok
19:03:45.0850 5920 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:03:45.0852 5920 LSI_SCSI - ok
19:03:45.0862 5920 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:03:45.0863 5920 luafv - ok
19:03:45.0924 5920 [ F96CDD0EDB411C1193C5DD9925C306DB ] Maxtor Sync Service C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
19:03:45.0925 5920 Maxtor Sync Service - ok
19:03:45.0960 5920 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:03:45.0962 5920 Mcx2Svc - ok
19:03:45.0975 5920 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:03:45.0977 5920 megasas - ok
19:03:46.0000 5920 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:03:46.0003 5920 MegaSR - ok
19:03:46.0045 5920 [ 9547F37D0E899FD71B52B2AFD4437C79 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
19:03:46.0045 5920 MemeoBackgroundService - ok
19:03:46.0063 5920 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:03:46.0067 5920 MMCSS - ok
19:03:46.0082 5920 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:03:46.0084 5920 Modem - ok
19:03:46.0093 5920 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:03:46.0094 5920 monitor - ok
19:03:46.0121 5920 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:03:46.0121 5920 mouclass - ok
19:03:46.0145 5920 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:03:46.0147 5920 mouhid - ok
19:03:46.0174 5920 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:03:46.0175 5920 mountmgr - ok
19:03:46.0218 5920 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:03:46.0288 5920 MozillaMaintenance - ok
19:03:46.0336 5920 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:03:46.0337 5920 MpFilter - ok
19:03:46.0361 5920 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:03:46.0363 5920 mpio - ok
19:03:46.0378 5920 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:03:46.0380 5920 mpsdrv - ok
19:03:46.0419 5920 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:03:46.0427 5920 MpsSvc - ok
19:03:46.0456 5920 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:03:46.0458 5920 MRxDAV - ok
19:03:46.0494 5920 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:46.0497 5920 mrxsmb - ok
19:03:46.0520 5920 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:46.0524 5920 mrxsmb10 - ok
19:03:46.0539 5920 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:46.0541 5920 mrxsmb20 - ok
19:03:46.0563 5920 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:03:46.0570 5920 msahci - ok
19:03:46.0581 5920 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:03:46.0583 5920 msdsm - ok
19:03:46.0594 5920 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:03:46.0597 5920 MSDTC - ok
19:03:46.0612 5920 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:03:46.0613 5920 Msfs - ok
19:03:46.0623 5920 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:03:46.0625 5920 mshidkmdf - ok
19:03:46.0657 5920 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:03:46.0658 5920 msisadrv - ok
19:03:46.0696 5920 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:03:46.0699 5920 MSiSCSI - ok
19:03:46.0702 5920 msiserver - ok
19:03:46.0715 5920 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:03:46.0716 5920 MSKSSRV - ok
19:03:46.0764 5920 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:03:46.0765 5920 MsMpSvc - ok
19:03:46.0774 5920 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:46.0775 5920 MSPCLOCK - ok
19:03:46.0785 5920 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:03:46.0787 5920 MSPQM - ok
19:03:46.0822 5920 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:03:46.0826 5920 MsRPC - ok
19:03:46.0836 5920 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:03:46.0836 5920 mssmbios - ok
19:03:46.0850 5920 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:03:46.0852 5920 MSTEE - ok
19:03:46.0861 5920 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:03:46.0863 5920 MTConfig - ok
19:03:46.0871 5920 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:03:46.0872 5920 Mup - ok
19:03:46.0908 5920 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:03:46.0913 5920 napagent - ok
19:03:46.0939 5920 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:03:46.0942 5920 NativeWifiP - ok
19:03:47.0029 5920 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
19:03:47.0037 5920 NBService - ok
19:03:47.0089 5920 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:03:47.0094 5920 NDIS - ok
19:03:47.0109 5920 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:47.0111 5920 NdisCap - ok
19:03:47.0126 5920 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:47.0127 5920 NdisTapi - ok
19:03:47.0155 5920 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:47.0157 5920 Ndisuio - ok
19:03:47.0186 5920 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:47.0188 5920 NdisWan - ok
19:03:47.0223 5920 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:03:47.0225 5920 NDProxy - ok
19:03:47.0282 5920 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:03:47.0287 5920 Nero BackItUp Scheduler 4.0 - ok
19:03:47.0295 5920 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:03:47.0295 5920 NetBIOS - ok
19:03:47.0306 5920 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:03:47.0308 5920 NetBT - ok
19:03:47.0322 5920 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:03:47.0323 5920 Netlogon - ok
19:03:47.0355 5920 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:03:47.0359 5920 Netman - ok
19:03:47.0372 5920 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:03:47.0377 5920 netprofm - ok
19:03:47.0405 5920 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:03:47.0407 5920 NetTcpPortSharing - ok
19:03:47.0431 5920 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:03:47.0433 5920 nfrd960 - ok
19:03:47.0464 5920 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:03:47.0465 5920 NisDrv - ok
19:03:47.0482 5920 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:03:47.0486 5920 NisSrv - ok
19:03:47.0518 5920 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:03:47.0522 5920 NlaSvc - ok
19:03:47.0591 5920 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
19:03:47.0593 5920 NMIndexingService - ok
19:03:47.0633 5920 [ EB900C136E660A8DEB657BE134C3BCD9 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
19:03:47.0635 5920 nosGetPlusHelper - ok
19:03:47.0650 5920 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:03:47.0652 5920 Npfs - ok
19:03:47.0663 5920 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:03:47.0665 5920 nsi - ok
19:03:47.0675 5920 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:03:47.0675 5920 nsiproxy - ok
19:03:47.0726 5920 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:03:47.0751 5920 Ntfs - ok
19:03:47.0759 5920 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:03:47.0760 5920 Null - ok
19:03:47.0794 5920 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:03:47.0799 5920 nvraid - ok
19:03:47.0810 5920 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:03:47.0812 5920 nvstor - ok
19:03:47.0828 5920 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:03:47.0831 5920 nv_agp - ok
19:03:47.0874 5920 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files (x86)\Online Armor\OAcat.exe
19:03:48.0657 5920 OAcat - ok
19:03:48.0723 5920 [ 2C0A8F6920C65C81D9B7B0508D0428CC ] OADevice C:\Windows\SysWow64\Drivers\OADriver.sys
19:03:48.0737 5920 OADevice - ok
19:03:48.0762 5920 [ 677E8520C5F50F7067E44F4A4112A5D8 ] oahlpXX C:\Windows\syswow64\drivers\oahlp64.sys
19:03:48.0779 5920 oahlpXX - ok
19:03:48.0794 5920 [ 8E4A0034285BCAAB359B167C5390DAD6 ] OAmon C:\Windows\SysWOW64\Drivers\OAmon.sys
19:03:48.0804 5920 OAmon - ok
19:03:48.0830 5920 [ 4BFB280CEB67AFA806B7F8A606CCC06D ] OAnet C:\Windows\system32\DRIVERS\oanet.sys
19:03:48.0838 5920 OAnet - ok
19:03:48.0874 5920 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:03:48.0876 5920 ohci1394 - ok
19:03:48.0900 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:03:48.0904 5920 p2pimsvc - ok
19:03:48.0921 5920 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:03:48.0926 5920 p2psvc - ok
19:03:48.0956 5920 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:03:48.0958 5920 Parport - ok
19:03:48.0983 5920 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:03:48.0984 5920 partmgr - ok
19:03:49.0001 5920 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:03:49.0004 5920 PcaSvc - ok
19:03:49.0051 5920 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:03:49.0056 5920 pccsmcfd - ok
19:03:49.0074 5920 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:03:49.0076 5920 pci - ok
19:03:49.0100 5920 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:03:49.0117 5920 pciide - ok
19:03:49.0149 5920 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:03:49.0152 5920 pcmcia - ok
19:03:49.0178 5920 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:03:49.0179 5920 pcw - ok
19:03:49.0195 5920 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:03:49.0199 5920 PEAUTH - ok
19:03:49.0222 5920 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:03:49.0225 5920 PerfHost - ok
19:03:49.0280 5920 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:03:49.0305 5920 pla - ok
19:03:49.0332 5920 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
19:03:49.0333 5920 PLFlash DeviceIoControl Service - ok
19:03:49.0361 5920 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:03:49.0366 5920 PlugPlay - ok
19:03:49.0379 5920 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:03:49.0381 5920 PNRPAutoReg - ok
19:03:49.0400 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:03:49.0402 5920 PNRPsvc - ok
19:03:49.0415 5920 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:03:49.0420 5920 PolicyAgent - ok
19:03:49.0453 5920 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:03:49.0457 5920 Power - ok
19:03:49.0498 5920 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:03:49.0500 5920 PptpMiniport - ok
19:03:49.0509 5920 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:03:49.0511 5920 Processor - ok
19:03:49.0550 5920 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:03:49.0553 5920 ProfSvc - ok
19:03:49.0563 5920 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:03:49.0563 5920 ProtectedStorage - ok
19:03:49.0597 5920 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:03:49.0597 5920 Psched - ok
19:03:49.0646 5920 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:03:49.0672 5920 ql2300 - ok
19:03:49.0695 5920 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:03:49.0697 5920 ql40xx - ok
19:03:49.0717 5920 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:03:49.0720 5920 QWAVE - ok
19:03:49.0741 5920 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:03:49.0742 5920 QWAVEdrv - ok
19:03:49.0750 5920 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:03:49.0751 5920 RasAcd - ok
19:03:49.0764 5920 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:49.0766 5920 RasAgileVpn - ok
19:03:49.0784 5920 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:03:49.0787 5920 RasAuto - ok
19:03:49.0805 5920 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:49.0807 5920 Rasl2tp - ok
19:03:49.0821 5920 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:03:49.0826 5920 RasMan - ok
19:03:49.0836 5920 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:49.0838 5920 RasPppoe - ok
19:03:49.0848 5920 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:03:49.0850 5920 RasSstp - ok
19:03:49.0861 5920 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:03:49.0863 5920 rdbss - ok
19:03:49.0874 5920 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:03:49.0876 5920 rdpbus - ok
19:03:49.0888 5920 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:49.0889 5920 RDPCDD - ok
19:03:49.0900 5920 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:03:49.0900 5920 RDPENCDD - ok
19:03:49.0911 5920 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:03:49.0912 5920 RDPREFMP - ok
19:03:49.0945 5920 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:03:49.0948 5920 RDPWD - ok
19:03:49.0982 5920 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:03:49.0983 5920 rdyboost - ok
19:03:50.0013 5920 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:03:50.0016 5920 RemoteAccess - ok
19:03:50.0029 5920 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:03:50.0032 5920 RemoteRegistry - ok
19:03:50.0063 5920 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:03:50.0067 5920 RpcEptMapper - ok
19:03:50.0082 5920 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:03:50.0085 5920 RpcLocator - ok
19:03:50.0126 5920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
19:03:50.0129 5920 RpcSs - ok
19:03:50.0143 5920 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:03:50.0144 5920 rspndr - ok
19:03:50.0176 5920 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:03:50.0179 5920 RTL8167 - ok
19:03:50.0187 5920 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:03:50.0188 5920 SamSs - ok
19:03:50.0224 5920 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:03:50.0226 5920 sbp2port - ok
19:03:50.0281 5920 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:03:50.0286 5920 SBSDWSCService - ok
19:03:50.0299 5920 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:03:50.0303 5920 SCardSvr - ok
19:03:50.0329 5920 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:03:50.0330 5920 scfilter - ok
19:03:50.0375 5920 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:03:50.0392 5920 Schedule - ok
19:03:50.0428 5920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:03:50.0428 5920 SCPolicySvc - ok
19:03:50.0462 5920 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:03:50.0465 5920 SDRSVC - ok
19:03:50.0509 5920 [ B29A858AAF869DA38E02278F91512C07 ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
19:03:50.0510 5920 SeagateDashboardService - ok
19:03:50.0528 5920 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:03:50.0530 5920 secdrv - ok
19:03:50.0562 5920 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:03:50.0564 5920 seclogon - ok
19:03:50.0577 5920 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:03:50.0580 5920 SENS - ok
19:03:50.0599 5920 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:03:50.0601 5920 SensrSvc - ok
19:03:50.0635 5920 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:03:50.0637 5920 Serenum - ok
19:03:50.0649 5920 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:03:50.0651 5920 Serial - ok
19:03:50.0682 5920 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:03:50.0684 5920 sermouse - ok
19:03:50.0727 5920 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:03:50.0733 5920 ServiceLayer - ok
19:03:50.0778 5920 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:03:50.0782 5920 SessionEnv - ok
19:03:50.0812 5920 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:03:50.0813 5920 sffdisk - ok
19:03:50.0833 5920 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:03:50.0834 5920 sffp_mmc - ok
19:03:50.0847 5920 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:03:50.0848 5920 sffp_sd - ok
19:03:50.0863 5920 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:03:50.0864 5920 sfloppy - ok
19:03:50.0893 5920 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:03:50.0897 5920 SharedAccess - ok
19:03:50.0914 5920 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:03:50.0919 5920 ShellHWDetection - ok
19:03:50.0950 5920 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:03:50.0952 5920 SiSRaid2 - ok
19:03:50.0979 5920 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:03:50.0981 5920 SiSRaid4 - ok
19:03:50.0998 5920 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:03:51.0001 5920 Smb - ok
19:03:51.0022 5920 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:03:51.0025 5920 SNMPTRAP - ok
19:03:51.0074 5920 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
19:03:51.0082 5920 speedfan - ok
19:03:51.0093 5920 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:03:51.0094 5920 spldr - ok
19:03:51.0124 5920 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:03:51.0128 5920 Spooler - ok
19:03:51.0204 5920 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:03:51.0220 5920 sppsvc - ok
19:03:51.0246 5920 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:03:51.0251 5920 sppuinotify - ok
19:03:51.0293 5920 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:03:51.0298 5920 srv - ok
19:03:51.0311 5920 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:03:51.0315 5920 srv2 - ok
19:03:51.0332 5920 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:03:51.0334 5920 srvnet - ok
19:03:51.0355 5920 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:03:51.0358 5920 SSDPSRV - ok
19:03:51.0387 5920 [ 97B88E0CE2D76A68A6EE4EEF12E9E910 ] sssdbus C:\Windows\system32\DRIVERS\sssdbus.sys
19:03:51.0390 5920 sssdbus - ok
19:03:51.0423 5920 [ DB3D0DD45D24F6D366EAE6E72CC62E79 ] sssdmdfl C:\Windows\system32\DRIVERS\sssdmdfl.sys
19:03:51.0424 5920 sssdmdfl - ok
19:03:51.0443 5920 [ 8012979C9C0D320CDF41488AE4300AAA ] sssdmdm C:\Windows\system32\DRIVERS\sssdmdm.sys
19:03:51.0446 5920 sssdmdm - ok
19:03:51.0456 5920 [ 88A005DABDBB639EF0D9A434BE11F600 ] sssdmgmt C:\Windows\system32\DRIVERS\sssdmgmt.sys
19:03:51.0457 5920 sssdmgmt - ok
19:03:51.0470 5920 [ 5E48522DE9672A36DCEFD4505AEBA010 ] sssdobex C:\Windows\system32\DRIVERS\sssdobex.sys
19:03:51.0472 5920 sssdobex - ok
19:03:51.0490 5920 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:03:51.0493 5920 SstpSvc - ok
19:03:51.0504 5920 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:03:51.0506 5920 stexstor - ok
19:03:51.0556 5920 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:03:51.0563 5920 stisvc - ok
19:03:51.0646 5920 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files (x86)\Online Armor\oasrv.exe
19:03:55.0373 5920 SvcOnlineArmor - ok
19:03:55.0400 5920 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:03:55.0400 5920 swenum - ok
19:03:55.0442 5920 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:03:55.0448 5920 swprv - ok
19:03:55.0501 5920 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:03:55.0527 5920 SysMain - ok
19:03:55.0556 5920 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:03:55.0559 5920 TabletInputService - ok
19:03:55.0592 5920 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:03:55.0597 5920 TapiSrv - ok
19:03:55.0610 5920 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:03:55.0613 5920 TBS - ok
19:03:55.0664 5920 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:03:55.0672 5920 Tcpip - ok
19:03:55.0714 5920 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:03:55.0722 5920 TCPIP6 - ok
19:03:55.0749 5920 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:03:55.0749 5920 tcpipreg - ok
19:03:55.0766 5920 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:03:55.0767 5920 TDPIPE - ok
19:03:55.0794 5920 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:03:55.0795 5920 TDTCP - ok
19:03:55.0839 5920 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:03:55.0840 5920 tdx - ok
19:03:55.0853 5920 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:03:55.0853 5920 TermDD - ok
19:03:55.0879 5920 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:03:55.0886 5920 TermService - ok
19:03:55.0901 5920 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:03:55.0904 5920 Themes - ok
19:03:55.0931 5920 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:03:55.0933 5920 THREADORDER - ok
19:03:55.0951 5920 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:03:55.0954 5920 TrkWks - ok
19:03:55.0985 5920 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:03:55.0988 5920 TrustedInstaller - ok
19:03:56.0024 5920 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:56.0032 5920 tssecsrv - ok
19:03:56.0052 5920 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:03:56.0061 5920 TsUsbFlt - ok
19:03:56.0112 5920 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:03:56.0114 5920 tunnel - ok
19:03:56.0140 5920 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:03:56.0142 5920 uagp35 - ok
19:03:56.0158 5920 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:03:56.0162 5920 udfs - ok
19:03:56.0187 5920 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:03:56.0191 5920 UI0Detect - ok
19:03:56.0206 5920 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:03:56.0208 5920 uliagpkx - ok
19:03:56.0240 5920 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:03:56.0242 5920 umbus - ok
19:03:56.0266 5920 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:03:56.0268 5920 UmPass - ok
19:03:56.0283 5920 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:03:56.0288 5920 upnphost - ok
19:03:56.0324 5920 [ 3CB4B7D5CB10A925BCBD5AB7046AB8AB ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA64.sys
19:03:56.0331 5920 USB28xxBGA - ok
19:03:56.0352 5920 [ 1124A9445C5835CB40C0099E6C3FA2C2 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM64.sys
19:03:56.0359 5920 USB28xxOEM - ok
19:03:56.0402 5920 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:03:56.0404 5920 USBAAPL64 - ok
19:03:56.0414 5920 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:56.0416 5920 usbccgp - ok
19:03:56.0446 5920 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:03:56.0448 5920 usbcir - ok
19:03:56.0460 5920 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:03:56.0462 5920 usbehci - ok
19:03:56.0474 5920 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:03:56.0477 5920 usbhub - ok
19:03:56.0489 5920 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:03:56.0491 5920 usbohci - ok
19:03:56.0514 5920 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:03:56.0516 5920 usbprint - ok
19:03:56.0527 5920 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:56.0537 5920 USBSTOR - ok
19:03:56.0549 5920 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:03:56.0550 5920 usbuhci - ok
19:03:56.0561 5920 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:03:56.0564 5920 UxSms - ok
19:03:56.0575 5920 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:03:56.0576 5920 VaultSvc - ok
19:03:56.0583 5920 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:03:56.0583 5920 vdrvroot - ok
19:03:56.0616 5920 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:03:56.0622 5920 vds - ok
19:03:56.0649 5920 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:56.0651 5920 vga - ok
19:03:56.0666 5920 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:03:56.0666 5920 VgaSave - ok
19:03:56.0680 5920 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:03:56.0683 5920 vhdmp - ok
19:03:56.0711 5920 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:03:56.0718 5920 viaide - ok
19:03:56.0751 5920 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:03:56.0752 5920 volmgr - ok
19:03:56.0793 5920 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:03:56.0795 5920 volmgrx - ok
19:03:56.0806 5920 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:03:56.0808 5920 volsnap - ok
19:03:56.0831 5920 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:03:56.0834 5920 vsmraid - ok
19:03:56.0866 5920 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:03:56.0892 5920 VSS - ok
19:03:56.0911 5920 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:03:56.0912 5920 vwifibus - ok
19:03:56.0937 5920 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:03:56.0942 5920 W32Time - ok
19:03:56.0976 5920 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:03:56.0978 5920 WacomPen - ok
19:03:56.0999 5920 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:03:57.0000 5920 WANARP - ok
19:03:57.0007 5920 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:03:57.0008 5920 Wanarpv6 - ok
19:03:57.0047 5920 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:57.0079 5920 WatAdminSvc - ok
19:03:57.0110 5920 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:03:57.0136 5920 wbengine - ok
19:03:57.0155 5920 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:03:57.0159 5920 WbioSrvc - ok
19:03:57.0181 5920 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:03:57.0186 5920 wcncsvc - ok
19:03:57.0203 5920 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:57.0206 5920 WcsPlugInService - ok
19:03:57.0218 5920 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:03:57.0220 5920 Wd - ok
19:03:57.0253 5920 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:03:57.0255 5920 WDC_SAM - ok
19:03:57.0317 5920 [ FA24FBE15A8036387ECC013D06094F3D ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
19:03:57.0326 5920 WDDMService - ok
19:03:57.0373 5920 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:03:57.0376 5920 Wdf01000 - ok
19:03:57.0393 5920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:03:57.0396 5920 WdiServiceHost - ok
19:03:57.0402 5920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:03:57.0404 5920 WdiSystemHost - ok
19:03:57.0440 5920 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
19:03:57.0458 5920 WDSmartWareBackgroundService - ok
19:03:57.0480 5920 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:03:57.0484 5920 WebClient - ok
19:03:57.0509 5920 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:03:57.0513 5920 Wecsvc - ok
19:03:57.0528 5920 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:03:57.0531 5920 wercplsupport - ok
19:03:57.0545 5920 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:03:57.0548 5920 WerSvc - ok
19:03:57.0562 5920 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:57.0562 5920 WfpLwf - ok
19:03:57.0578 5920 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:03:57.0579 5920 WIMMount - ok
19:03:57.0599 5920 WinDefend - ok
19:03:57.0617 5920 WinHttpAutoProxySvc - ok
19:03:57.0673 5920 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:03:57.0676 5920 Winmgmt - ok
19:03:57.0732 5920 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:03:57.0766 5920 WinRM - ok
19:03:57.0817 5920 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:57.0819 5920 WinUsb - ok
19:03:57.0847 5920 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:03:57.0858 5920 Wlansvc - ok
19:03:57.0886 5920 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:03:57.0887 5920 WmiAcpi - ok
19:03:57.0921 5920 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:03:57.0924 5920 wmiApSrv - ok
19:03:57.0943 5920 WMPNetworkSvc - ok
19:03:57.0953 5920 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:03:57.0956 5920 WPCSvc - ok
19:03:57.0990 5920 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:03:57.0993 5920 WPDBusEnum - ok
19:03:58.0002 5920 WPRO_40_1340 - ok
19:03:58.0017 5920 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:03:58.0017 5920 ws2ifsl - ok
19:03:58.0045 5920 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:03:58.0049 5920 wscsvc - ok
19:03:58.0062 5920 WSearch - ok
19:03:58.0125 5920 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:03:58.0159 5920 wuauserv - ok
19:03:58.0197 5920 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:03:58.0199 5920 WudfPf - ok
19:03:58.0215 5920 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:58.0218 5920 WUDFRd - ok
19:03:58.0236 5920 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:03:58.0240 5920 wudfsvc - ok
19:03:58.0274 5920 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:03:58.0278 5920 WwanSvc - ok
19:03:58.0298 5920 ================ Scan global ===============================
19:03:58.0307 5920 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:58.0330 5920 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
19:03:58.0351 5920 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
19:03:58.0371 5920 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:58.0395 5920 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:58.0398 5920 [Global] - ok
19:03:58.0398 5920 ================ Scan MBR ==================================
19:03:58.0403 5920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:58.0550 5920 \Device\Harddisk0\DR0 - ok
19:03:58.0551 5920 ================ Scan VBR ==================================
19:03:58.0553 5920 [ 992965DDC1BC2145C9732B29CC6C81B1 ] \Device\Harddisk0\DR0\Partition1
19:03:58.0556 5920 \Device\Harddisk0\DR0\Partition1 - ok
19:03:58.0573 5920 [ B9D94AB3F60FFA649FD71AE9EDD2451E ] \Device\Harddisk0\DR0\Partition2
19:03:58.0575 5920 \Device\Harddisk0\DR0\Partition2 - ok
19:03:58.0595 5920 [ 4A1F87A3D5ED67CE61AC5D9F7C0F9C2B ] \Device\Harddisk0\DR0\Partition3
19:03:58.0597 5920 \Device\Harddisk0\DR0\Partition3 - ok
19:03:58.0617 5920 [ AE4418BB79F424250C3C7A7260A58C43 ] \Device\Harddisk0\DR0\Partition4
19:03:58.0619 5920 \Device\Harddisk0\DR0\Partition4 - ok
19:03:58.0636 5920 [ 9AD2D85A24000C31DF5E753E7D8F90DE ] \Device\Harddisk0\DR0\Partition5
19:03:58.0638 5920 \Device\Harddisk0\DR0\Partition5 - ok
19:03:58.0654 5920 [ 51297C7B05FE38BE15D77CAA63141B46 ] \Device\Harddisk0\DR0\Partition6
19:03:58.0656 5920 \Device\Harddisk0\DR0\Partition6 - ok
19:03:58.0669 5920 [ 2539B57E942EC1D3EC89729238EFE64C ] \Device\Harddisk0\DR0\Partition7
19:03:58.0671 5920 \Device\Harddisk0\DR0\Partition7 - ok
19:03:58.0671 5920 ============================================================
19:03:58.0671 5920 Scan finished
19:03:58.0671 5920 ============================================================
19:03:58.0677 3964 Detected object count: 0
19:03:58.0677 3964 Actual detected object count: 0
19:04:40.0534 3976 Deinitialize success

OTL logfile created on: 9/22/2013 7:54:44 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KIEU\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

11.99 Gb Total Physical Memory | 10.12 Gb Available Physical Memory | 84.42% Memory free
23.98 Gb Paging File | 21.91 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574.97 Gb Total Space | 192.18 Gb Free Space | 33.42% Space Free | Partition Type: NTFS
Drive I: | 2794.51 Gb Total Space | 586.86 Gb Free Space | 21.00% Space Free | Partition Type: NTFS
Drive J: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 1396.61 Gb Total Space | 58.41 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
Drive L: | 374.28 Gb Total Space | 41.87 Gb Free Space | 11.19% Space Free | Partition Type: NTFS
Drive M: | 151.19 Gb Total Space | 17.25 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive N: | 195.31 Gb Total Space | 62.48 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive O: | 58.59 Gb Total Space | 11.22 Gb Free Space | 19.14% Space Free | Partition Type: NTFS
Drive P: | 39.06 Gb Total Space | 6.77 Gb Free Space | 17.33% Space Free | Partition Type: NTFS

Computer Name: KIEU-PC | User Name: KIEU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\KIEU\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\GridService\peer.exe (FS2YOU)
PRC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sssdmdm) -- C:\Windows\SysNative\drivers\sssdmdm.sys (MCCI Corporation)
DRV:64bit: - (sssdmgmt) -- C:\Windows\SysNative\drivers\sssdmgmt.sys (MCCI Corporation)
DRV:64bit: - (sssdobex) -- C:\Windows\SysNative\drivers\sssdobex.sys (MCCI Corporation)
DRV:64bit: - (sssdbus) -- C:\Windows\SysNative\drivers\sssdbus.sys (MCCI Corporation)
DRV:64bit: - (sssdmdfl) -- C:\Windows\SysNative\drivers\sssdmdfl.sys (MCCI Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 58 C4 3E 99 3B CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE10SR
IE - HKCU\..\SearchScopes\{36BBC5EA-56CD-46C2-B93C-1A26BF380F71}: "URL" = http://au.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130917
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120207-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 18:31:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5820539B-D2F8-11E1-8270-B8AC6F996F26}: C:\Users\KIEU\AppData\Local\{5820539B-D2F8-11E1-8270-B8AC6F996F26}\

[2010/09/16 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Extensions
[2013/09/22 16:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions
[2013/09/20 20:39:54 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/26 23:35:43 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\foxyproxy@eric.h.jung
[2013/07/03 23:19:24 | 000,191,061 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\autoproxy@autoproxy.org.xpi
[2013/04/10 23:16:10 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\firefox@mega.co.nz.xpi
[2013/09/22 15:25:25 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/30 23:35:34 | 000,017,429 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/07/31 23:36:02 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\KIEU\AppData\Roaming\Mozilla\Firefox\Profiles\4z6f4a15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 18:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 18:31:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/12 07:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/03/05 23:15:08 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2013/07/03 19:23:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files (x86)\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B049B388-EC3F-4F08-8105-A4F74514B980}: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 22:25:16 | 000,000,067 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 07:12:18 | 000,000,088 | ---- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 19:46:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/22 19:03:26 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01242859.sys
[2013/09/22 19:02:48 | 000,000,000 | ---D | C] -- C:\Users\KIEU\Desktop\tdsskiller
[2013/09/22 16:18:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/22 16:14:57 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\KIEU\Desktop\JRT.exe
[2013/09/22 16:04:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/22 15:27:39 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\KIEU\Desktop\aswMBR.exe
[2013/09/20 21:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/12 00:49:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/12 00:49:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/12 00:49:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/12 00:49:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/12 00:49:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/12 00:49:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/12 00:49:22 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/12 00:49:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/12 00:49:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/12 00:49:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/12 00:49:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/12 00:49:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/12 00:49:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/12 00:49:19 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 20:37:01 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 20:36:59 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 20:36:58 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 20:36:58 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 20:36:58 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 20:36:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 20:36:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 20:36:58 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 20:36:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 20:36:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 20:36:57 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 20:36:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 20:36:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 20:36:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 20:36:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 20:36:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 20:36:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 20:36:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 20:36:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 20:36:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 20:36:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:36:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 20:36:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 19:49:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 19:49:10 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 19:48:00 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 19:48:00 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 19:03:26 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01242859.sys
[2013/09/22 19:01:23 | 002,218,636 | ---- | M] () -- C:\Users\KIEU\Desktop\tdsskiller.zip
[2013/09/22 18:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 16:15:04 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\KIEU\Desktop\JRT.exe
[2013/09/22 16:04:27 | 001,039,554 | ---- | M] () -- C:\Users\KIEU\Desktop\AdwCleaner.exe
[2013/09/22 16:03:13 | 000,000,572 | ---- | M] () -- C:\Users\KIEU\Desktop\MBR.zip
[2013/09/22 16:02:38 | 000,000,512 | ---- | M] () -- C:\Users\KIEU\Desktop\MBR.dat
[2013/09/22 15:28:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\KIEU\Desktop\aswMBR.exe
[2013/09/20 21:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KIEU\Desktop\OTL.exe
[2013/09/20 20:46:33 | 000,719,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 20:46:33 | 000,623,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 20:46:33 | 000,108,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/12 18:48:17 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 22:05:13 | 000,116,618 | ---- | M] () -- C:\Users\KIEU\Documents\002.jpg
[2013/09/11 20:27:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 20:27:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 20:27:07 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/28 00:17:03 | 000,001,815 | ---- | M] () -- C:\Users\KIEU\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/22 19:01:06 | 002,218,636 | ---- | C] () -- C:\Users\KIEU\Desktop\tdsskiller.zip
[2013/09/22 16:04:06 | 001,039,554 | ---- | C] () -- C:\Users\KIEU\Desktop\AdwCleaner.exe
[2013/09/22 16:03:13 | 000,000,572 | ---- | C] () -- C:\Users\KIEU\Desktop\MBR.zip
[2013/09/22 16:02:38 | 000,000,512 | ---- | C] () -- C:\Users\KIEU\Desktop\MBR.dat
[2013/09/11 22:05:12 | 000,116,618 | ---- | C] () -- C:\Users\KIEU\Documents\002.jpg
[2013/03/13 20:41:05 | 000,000,042 | ---- | C] () -- C:\Users\KIEU\AppData\Roaming\mbam.context.scan
[2013/02/13 23:59:44 | 000,003,584 | ---- | C] () -- C:\Users\KIEU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/27 17:24:35 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/09/27 17:24:35 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2011/10/08 19:45:33 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/08 19:45:33 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/08 19:45:33 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/08 19:45:33 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/08 19:45:33 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/18 17:22:46 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

========== ZeroAccess Check ==========

[2011/11/17 16:41:18 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\L
[2012/09/25 22:14:01 | 000,000,000 | -HSD | M] -- C:\Users\KIEU\AppData\Local\{8b625ada-0bb9-6eb8-4e4a-4e69d036dc8f}\U
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#6 OCD


Posted 22 September 2013 - 11:07 AM

Hi tahaminey, Have you installed any new hardware, or updated any drivers recently? When did you start experiencing the black screen issues?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 tahaminey


Posted 23 September 2013 - 03:22 AM

Hi OCD, I had great difficulty getting in today. Took me half an hour of restarting, ending the explorer.exe processor but it just wouldn't work. I got so annoyed the last time I restarted and logged on, and when it gave me a black screen again, I just left it alone. After maybe 5 minutes or so, the desktop loaded. So here I am now. I have not installed any new hardware but Windows updates automatically when I log out. Early last week it was still working fine but a few days after that it gave me a black screen but after restarting once I was in again but it seems to be taking longer by the day. I thought I had some kind of virus.

#8 OCD


Posted 23 September 2013 - 12:42 PM

Hi tahaminey,

Disconnect any external hard drives or USB drives connected to the computer. Now reboot the computer and see if the black screen issue is still present.

If so, then move on to this next step. If not, report back the results.

=========================
  • Turn on your computer and tap the "F8" key to get "Windows Advanced Options" (if boot menu appears, press "Esc" key and keep tapping on the F8 key).
  • Select "Safe Mode"
  • Go to Control Panel -> Backup and Restore > Recover system settings or your computer > Open System Restore > follow the wizard to restore the system to the state before the issue occurred.
Update on status


#9 tahaminey


Posted 24 September 2013 - 03:19 AM

Hi OCD, I was still getting the black screen today. I disconnected the external drives and tried to log on but same issue. I did a system restore in safe mode to before when all this happened, and upon restart was able to login normally with desktop showing but when I shut down and tried it again the black screen came back. I restarted about 50 times and finally got to a screen where I chose Last Known Good Configuration. Surprisingly, I was able to login and my desktop showed up. It was kind of slow to appear but at least it appeared. I don't know if that has fixed the problem so I will continue to test it and see if the black screen is still happening after shutdown.

#10 OCD


Posted 24 September 2013 - 12:43 PM

Hi tahaminey, Keep me updated on the status. We'll move on from there.


#11 tahaminey


Posted 25 September 2013 - 03:02 AM

Hi OCD, Black screen still happening. Tried to get on today but even after attempting to end explorer processor and running it again it still didn't work. Had to restart. While it was doing that I walked away for about 5 minutes and came back to my login screen. When I entered my password, surprisingly my desktop loaded. It seems very temperamental so I have no idea what the cause is. I'm too afraid to restart it right now to test again because I have work to do. I'll test again later.

#12 OCD


Posted 25 September 2013 - 08:28 AM

Hi tahaminey,

1. Tweaking.com - Windows Repair

Disable your Anti-Virus software BEFORE running this tool.
Tutorials: here.

=========================

Download Tweaking.com Windows Repair from here or here and save it to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Once the program opens you will be at the Welcome tab.

=========================

Step 2: Check Disk (optional)

To run a Check Disk scan select the Do It button. (this action requires a system restart)
Otherwise choose Next or an appropriate tab to continue

=========================

Step 3: System File Checker (optional)

To run a System File Check scan select the Do It button. (this action recommends a system restart)
Otherwise choose Next or an appropriate tab to continue

=========================

Step 4: Create a System Restore Point & Create a Registry Back-up

Create a Restore Point:
  • Select the Create button to create a new restore point
  • Wait, confirmation will be displayed below the Restore button
=========================

Back-up the Registry:
  • Select the Back-up button; the Tweaking.com Registry Back-up window will open and begin the back-up
  • It will close automatically. (that's normal)
=========================

Step 5: Start Repairs

Select the Start button to continue, the window below will open.

Repair Window settings

In the Repair Options window, place a check mark next to the following items: (not select all)

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Missing Start Menu Icons Removed By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates
  • Repair CD/DVD Missing/Not Working
  • Repair Volume Shadow Copy Service
  • Repair Windows Sidebar/Gadgets
  • Repair MSI (Windows Installer)
  • Repair Windows Snipping Tool
  • Repair File Associations
  • Repair Windows Safe Mode
  • Repair Print Spooler
  • Restore Important Windows Services
  • Set Windows Services To Default Startup
=========================
or Select All
=========================
  • Locate the Restart/Shutdown System when Finished, select the box, then choose Restart System
  • Click the Start button, a DOS window will/may appear during the repair process.
  • Acknowledge the System reboot when finished
=========================

Log files can be located by going to the Settings tab in the Windows Repair program and clicking the Open Log Folder button

The default location for the logs is: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs\

=========================

In your next post please provide the following:
  • Windows Repair Log (default location listed above)

OCD



#13 tahaminey


Posted 26 September 2013 - 03:01 AM

Hi OCD, When I turned on my computer today, I was able to get in without a problem. My desktop showed up fine after login. I was able to restart and login back in several times with no black screen showing up. I then ran the tweaking repair and when it finished and restarted, I came upon a black screen. I had to end explorer processor and was then able to get in again. I have not attempted to restart again but will do so later. Here is the Windows Repair Log:
(26/09/2013 6:45:43 PM) 25 - Restore Important Windows Services Start (26/09/2013 6:45:43 PM) Running Repair Under Current User Account Running Repair Under System Account Done (26/09/2013 6:46:00 PM) 26 - Set Windows Services To Default Startup Start (26/09/2013 6:46:00 PM) Running Repair Under Current User Account Running Repair Under System Account Done (26/09/2013 6:46:29 PM) Cleaning up empty logs... All Selected Repairs Done. Done (26/09/2013 6:46:29 PM) Total Repair Time: 00:57:04 ...YOU MUST RESTART YOUR SYSTEM... Running Repair Under Current User Account

#14 OCD

Posted 26 September 2013 - 08:19 PM

Hi tahaminey,

I have not attempted to restart again but will do so later.

:thumbup: Post update after you have attempted the restart.
OCD


#15 tahaminey

Posted 27 September 2013 - 07:17 AM

Hi OCD, When I turned on my computer today, I was able to log in and go to desktop with no black screen showing. I have attempted to restart a few times and was still able to get in. I don't know if the problem has been fixed or if it's having mood swings. Will continue to test it and see.
