Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Got Trojan.FakeAV [Solved]

Started by KP Nguyen , Jan 05 2012 11:51 AM

  • This topic is locked This topic is locked

#1
KP Nguyen
Posted 05 January 2012 - 11:51 AM

KP Nguyen

    New Member

  • Member
  • Pip
  • 4 posts
Hi, yesterday I started to receive a notice on my Norton aleart that it has blocked the virus Trojan.FaveAV and since then I have been getting it everytime I try to get onto Internet Explorer. Microsoft Windows keep saying "Internet Explorer Developer Tools has stopped working" everytime I attempt to get on the internet. I don't know how but I guess by luck, I am using internet explorer right now. I kept trying until I got on. I've been using another laptop to look up how to get rid of this virus and found this website. I have a Windows 7. My first few tries on scanning OTL I did not get a wordpad from OTL so I ran it as adminsistrator and then I got a OTL.Txt. Please help.

Thank you very much
Kim


OTL logfile created on: 1/5/2012 11:46:24 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimphuong\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.74% Memory free
6.11 Gb Paging File | 4.27 Gb Available in Paging File | 69.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 123.62 Gb Free Space | 42.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.77 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

Computer Name: KIMPHUONG-PC | User Name: Kimphuong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 11:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
PRC - [2011/11/12 12:14:23 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/09/21 18:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/07/06 11:12:22 | 000,210,144 | ---- | M] () -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe
PRC - [2011/05/24 19:02:56 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/05/20 11:03:34 | 000,210,144 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2010/02/08 19:49:19 | 000,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2010/02/08 19:49:19 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/02/08 19:49:19 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 14:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 16:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/22 03:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 22:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/31 11:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/04 13:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/19 09:43:30 | 000,438,403 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/01/20 20:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/09/21 12:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 12:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbucoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 16:30:12 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\20b730293740ca779552bdb6fa0b650e\MenuSkinning.ni.dll
MOD - [2011/10/14 16:29:30 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\77e2e010d880be3d9d1a38c400a9bb7c\VistaBridgeLibrary.ni.dll
MOD - [2011/10/14 16:29:23 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/14 16:29:19 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\53310c02d109b1981d817d4b21d2770a\DellDock.ni.exe
MOD - [2011/10/14 16:29:16 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\9da54ae40eef7103114335191945aafb\MyDock.Util.ni.dll
MOD - [2011/10/14 16:28:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 16:27:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/13 22:02:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 22:01:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:01:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 21:58:06 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:57:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/12/17 22:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 22:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 22:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 22:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 22:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files\Dell Video Chat\SDL.dll
MOD - [2008/05/19 15:47:00 | 000,450,560 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
MOD - [2007/09/21 12:32:18 | 002,035,712 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\libmysql.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/21 18:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/07/06 11:12:22 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/05/20 11:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/02/08 19:49:19 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/05/05 21:30:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 16:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 20:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 20:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/21 12:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 12:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/10 20:04:24 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 18:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/09/21 18:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - [2011/09/21 18:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120104.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120104.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120104.032\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/22 01:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 01:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 01:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 01:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 01:28:07 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/20 10:31:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/01/19 06:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 06:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 03:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/22 03:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/21 05:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{F6CE0040-33AA1442-05040104})
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/08/25 05:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 04:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 04:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 05:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 05:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 05:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/17 10:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://m.www.yahoo.com/?r0=1263615215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...60387738895718"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Kimphuong\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2010/02/08 19:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 08:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 16:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/06/02 00:32:40 | 000,000,000 | ---D | M]

[2009/08/27 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Extensions
[2009/08/27 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/25 15:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\extensions
[2011/11/16 01:14:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/16 01:14:40 | 000,002,207 | ---- | M] () -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\searchplugins\MyStart Search.xml
[2012/01/05 10:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 23:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/19 23:26:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/02/08 19:49:26 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
File not found (No name found) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/01/05 10:37:50 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/06/24 18:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 22:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Kimphuong\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll (PDFLite)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll (PDFLite)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wfrmsrv] C:\Windows\Wfrmsrv.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [VPSKEYS] C:\Program Files\Vpskeys\VPSKEYS.EXE (Hoi Chuyen Gia Viet Nam)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm431YYUS File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE957CD-D169-45DC-9A39-BE9F50550276}: DhcpNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E09F98-8191-4533-98AA-DE2AF70709EE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{26bd5a65-07b5-11e1-a0b8-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{26bd5a65-07b5-11e1-a0b8-002219e9c4ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4d191c86-dc38-11de-aa17-002219e8ae1e}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{522c729a-f80b-11e0-b4f3-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{522c729a-f80b-11e0-b4f3-002219e9c4ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{55b14351-2fad-11df-8464-002219e8ae1e}\Shell - "" = AutoRun
O33 - MountPoints2\{55b14351-2fad-11df-8464-002219e8ae1e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cc686c57-4171-11e0-bb36-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{cc686c57-4171-11e0-bb36-002219e9c4ac}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{fd4c1526-89f5-11de-a763-002219e8ae1e}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4c1526-89f5-11de-a763-002219e8ae1e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 18L] -- "C:\Users\KIMPHU~1\AppData\Local\Temp\sconmxeraw.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 11:35:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
[2012/01/03 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Kimphuong\Documents\Tet Dragon 2012
[2011/12/13 23:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/13 23:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/07/26 16:16:47 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Kimphuong\AppData\Roaming\DataSafeDotNet.exe
[2007/02/28 18:38:18 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbucoms.exe
[2007/02/28 18:38:18 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbuih.exe
[2007/02/28 18:38:16 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbucfg.exe
[2007/01/30 09:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbupmui.dll
[2007/01/30 09:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbuserv.dll
[2007/01/30 09:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbucomm.dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbulmpm.dll
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbuiesc.dll
[2007/01/30 09:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbupplc.dll
[2007/01/30 09:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbucomc.dll
[2007/01/30 09:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbuprox.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbuinpa.dll
[2007/01/30 09:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbuusb1.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbuhbn3.dll
[2 C:\Users\Kimphuong\Documents\*.tmp files -> C:\Users\Kimphuong\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 11:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 11:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
[2012/01/05 10:37:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 10:37:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 10:37:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 10:37:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 10:36:41 | 3176,054,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 22:23:47 | 000,000,000 | -HS- | M] () -- C:\Users\Kimphuong\AppData\Local\bsc7o1i0dbmi
[2012/01/04 00:47:48 | 000,010,336 | -HS- | M] () -- C:\ProgramData\bsc7o1i0dbmi
[2012/01/02 21:37:14 | 000,007,052 | ---- | M] () -- C:\Users\Kimphuong\AppData\Local\d3d9caps.dat
[2011/12/30 22:30:39 | 006,080,931 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Never Told you.mp3
[2011/12/30 22:29:13 | 000,005,540 | -HS- | M] () -- C:\Users\Kimphuong\Documents\Folder.jpg
[2011/12/30 22:29:13 | 000,005,540 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Large.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArtSmall.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Small.jpg
[2011/12/30 22:28:11 | 005,344,962 | ---- | M] () -- C:\Users\Kimphuong\Documents\Amazing Grace (My Chains Are Gone).mp3
[2011/12/30 22:27:54 | 000,008,580 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Large.jpg
[2011/12/30 22:27:49 | 000,002,194 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Small.jpg
[2011/12/21 21:44:54 | 006,823,181 | ---- | M] () -- C:\Users\Kimphuong\Documents\A Thousand Years.mp3
[2011/12/21 21:44:05 | 005,911,843 | ---- | M] () -- C:\Users\Kimphuong\Documents\Realize.mp3
[2011/12/21 21:43:33 | 004,571,952 | ---- | M] () -- C:\Users\Kimphuong\Documents\Lucky.mp3
[2011/12/21 21:42:14 | 003,704,155 | ---- | M] () -- C:\Users\Kimphuong\Documents\Who You Are.mp3
[2011/12/21 21:39:17 | 008,951,319 | ---- | M] () -- C:\Users\Kimphuong\Documents\Price Tag.mp3
[2011/12/21 21:28:45 | 003,540,159 | ---- | M] () -- C:\Users\Kimphuong\Documents\Better With The Lights Off.mp3
[2011/12/21 21:28:34 | 005,041,446 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Can't Make You Love Me.mp3
[2011/12/21 21:09:41 | 004,127,662 | ---- | M] () -- C:\Users\Kimphuong\Documents\It Will Rain.mp3
[2011/12/21 21:07:21 | 003,711,172 | ---- | M] () -- C:\Users\Kimphuong\Documents\show it.mp3
[2011/12/21 21:07:08 | 005,814,205 | ---- | M] () -- C:\Users\Kimphuong\Documents\Say (All I Need).mp3
[2011/12/16 03:43:59 | 000,424,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 19:55:19 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/15 10:13:32 | 005,408,130 | ---- | M] () -- C:\Users\Kimphuong\Documents\be my baby.mp3
[2011/12/13 23:12:46 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/11 01:56:21 | 020,511,917 | ---- | M] () -- C:\Users\Kimphuong\Desktop\UNICEF Tap Project 2011.flv
[2011/12/06 13:35:34 | 001,122,271 | ---- | M] () -- C:\Users\Kimphuong\Documents\We Wish You A Merry Christmas Disney.mp3
[2011/12/06 13:34:33 | 000,009,369 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{63029C1F-EC6A-41DC-9D13-8BF5104E02D2}_Large.jpg
[2011/12/06 13:34:32 | 000,002,449 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{63029C1F-EC6A-41DC-9D13-8BF5104E02D2}_Small.jpg
[2011/12/06 13:33:43 | 004,592,688 | ---- | M] () -- C:\Users\Kimphuong\Documents\Tears In Heaven.mp3
[2011/12/06 13:33:09 | 000,006,740 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Large.jpg
[2011/12/06 13:33:09 | 000,001,938 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Small.jpg
[2011/12/06 13:32:05 | 004,429,106 | ---- | M] () -- C:\Users\Kimphuong\Documents\Passing By.mp3
[2011/12/06 13:32:02 | 002,905,738 | ---- | M] () -- C:\Users\Kimphuong\Documents\Merry Christmas Darling.mp3
[2011/12/06 13:31:07 | 000,009,125 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{2DD20492-6530-47C6-AF47-7C18B10BF8C6}_Large.jpg
[2011/12/06 13:31:06 | 000,002,488 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{2DD20492-6530-47C6-AF47-7C18B10BF8C6}_Small.jpg
[2011/12/06 13:30:43 | 000,012,010 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E9139D03-A65B-40DD-8236-9C39F5EEB8AB}_Large.jpg
[2011/12/06 13:30:42 | 000,002,872 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E9139D03-A65B-40DD-8236-9C39F5EEB8AB}_Small.jpg
[2011/12/06 13:30:06 | 004,675,786 | ---- | M] () -- C:\Users\Kimphuong\Documents\Lam Sao Em Biet.mp3
[2011/12/06 13:30:05 | 004,309,335 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Want To Break Free.mp3
[2011/12/06 13:30:05 | 003,493,870 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Need A Girl.mp3
[2011/12/06 13:29:30 | 000,011,999 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5CF855DB-24FC-421B-AE49-74BFF4A696E6}_Large.jpg
[2011/12/06 13:29:30 | 000,002,780 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5CF855DB-24FC-421B-AE49-74BFF4A696E6}_Small.jpg
[2011/12/06 13:29:05 | 000,013,651 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5EA4A270-57CE-4680-9AAB-1FA2C96FA31E}_Large.jpg
[2011/12/06 13:29:05 | 000,002,035 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5EA4A270-57CE-4680-9AAB-1FA2C96FA31E}_Small.jpg
[2011/12/06 13:28:42 | 004,399,721 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Love You For Sentimental Reasons.mp3
[2011/12/06 13:27:27 | 004,444,042 | ---- | M] () -- C:\Users\Kimphuong\Documents\December.mp3
[2011/12/06 13:26:51 | 000,010,487 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{B8F1E00B-6B8D-4B9A-AC3A-18DB45319F4C}_Large.jpg
[2011/12/06 13:26:51 | 000,002,326 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{B8F1E00B-6B8D-4B9A-AC3A-18DB45319F4C}_Small.jpg
[2011/12/06 13:25:28 | 014,114,281 | ---- | M] () -- C:\Users\Kimphuong\Documents\A Flying Butterfly (English).mp3
[2011/12/06 13:24:53 | 000,008,706 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{05196D47-3BED-4B3E-979B-50A1402EC18B}_Large.jpg
[2011/12/06 13:24:53 | 000,001,950 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{05196D47-3BED-4B3E-979B-50A1402EC18B}_Small.jpg
[2011/12/06 13:24:40 | 008,571,649 | ---- | M] () -- C:\Users\Kimphuong\Documents\Yue Ya Wan.mp3
[2011/12/06 13:24:32 | 000,009,617 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{79942F71-666B-43E0-97EB-4DB9B691E316}_Large.jpg
[2011/12/06 13:24:32 | 000,002,495 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{79942F71-666B-43E0-97EB-4DB9B691E316}_Small.jpg
[2011/12/06 13:23:43 | 007,455,275 | ---- | M] () -- C:\Users\Kimphuong\Documents\Mr. Know It All.mp3
[2011/12/06 13:23:39 | 003,146,959 | ---- | M] () -- C:\Users\Kimphuong\Documents\Mona Lisa.mp3
[2011/12/06 13:23:27 | 005,419,008 | ---- | M] () -- C:\Users\Kimphuong\Documents\Give Us Clean Hands.mp3
[2011/12/06 13:23:19 | 005,438,132 | ---- | M] () -- C:\Users\Kimphuong\Documents\Carry On.mp3
[2011/12/06 13:22:35 | 000,010,308 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{01DF94CD-2CB7-46CC-BC08-7BE95920948C}_Large.jpg
[2011/12/06 13:22:33 | 000,002,722 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{01DF94CD-2CB7-46CC-BC08-7BE95920948C}_Small.jpg
[2011/12/06 13:22:16 | 000,010,494 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{7255E7DB-FAFD-4578-85A3-21C06A3F8363}_Large.jpg
[2011/12/06 13:22:15 | 000,002,535 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{7255E7DB-FAFD-4578-85A3-21C06A3F8363}_Small.jpg
[2011/12/06 13:22:13 | 000,010,515 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E95D292B-9199-44FF-B956-A3DFC3219989}_Large.jpg
[2011/12/06 13:22:12 | 000,002,769 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E95D292B-9199-44FF-B956-A3DFC3219989}_Small.jpg
[2011/12/06 13:21:53 | 000,007,085 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{83970D40-BE13-4B84-92D1-ECCF4D6ABF7D}_Large.jpg
[2011/12/06 13:21:52 | 000,001,743 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{83970D40-BE13-4B84-92D1-ECCF4D6ABF7D}_Small.jpg
[2011/12/06 13:21:39 | 004,069,504 | ---- | M] () -- C:\Users\Kimphuong\Documents\Baby Girl.mp3
[2011/12/06 13:21:28 | 000,008,646 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{15981066-537A-4845-9E26-3D375BFF36CF}_Large.jpg
[2011/12/06 13:21:28 | 000,002,145 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{15981066-537A-4845-9E26-3D375BFF36CF}_Small.jpg
[2 C:\Users\Kimphuong\Documents\*.tmp files -> C:\Users\Kimphuong\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 22:23:47 | 000,000,000 | -HS- | C] () -- C:\Users\Kimphuong\AppData\Local\bsc7o1i0dbmi
[2012/01/04 00:44:53 | 000,010,336 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
[2011/12/30 22:29:13 | 000,005,540 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Large.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Small.jpg
[2011/12/30 22:27:58 | 000,008,580 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Large.jpg
[2011/12/30 22:27:58 | 000,002,194 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Small.jpg
[2011/12/21 21:44:03 | 006,823,181 | ---- | C] () -- C:\Users\Kimphuong\Documents\A Thousand Years.mp3
[2011/12/21 21:42:54 | 005,911,843 | ---- | C] () -- C:\Users\Kimphuong\Documents\Realize.mp3
[2011/12/21 21:42:38 | 004,571,952 | ---- | C] () -- C:\Users\Kimphuong\Documents\Lucky.mp3
[2011/12/21 21:42:01 | 006,080,931 | ---- | C] () -- C:\Users\Kimphuong\Documents\I Never Told you.mp3
[2011/12/21 21:40:29 | 003,704,155 | ---- | C] () -- C:\Users\Kimphuong\Documents\Who You Are.mp3
[2011/12/21 21:34:11 | 008,951,319 | ---- | C] () -- C:\Users\Kimphuong\Documents\Price Tag.mp3
[2011/12/21 21:27:06 | 005,041,446 | ---- | C] () -- C:\Users\Kimphuong\Documents\I Can't Make You Love Me.mp3
[2011/12/21 21:24:04 | 003,540,159 | ---- | C] () -- C:\Users\Kimphuong\Documents\Better With The Lights Off.mp3
[2011/12/21 21:09:35 | 004,127,662 | ---- | C] () -- C:\Users\Kimphuong\Documents\It Will Rain.mp3
[2011/12/21 21:05:54 | 005,814,205 | ---- | C] () -- C:\Users\Kimphuong\Documents\Say (All I Need).mp3
[2011/12/15 10:03:38 | 005,408,130 | ---- | C] () -- C:\Users\Kimphuong\Documents\be my baby.mp3
[2011/12/15 10:03:10 | 003,711,172 | ---- | C] () -- C:\Users\Kimphuong\Documents\show it.mp3
[2011/12/13 23:12:46 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/11 01:52:05 | 020,511,917 | ---- | C] () -- C:\Users\Kimphuong\Desktop\UNICEF Tap Project 2011.flv
[2011/12/06 13:34:33 | 000,009,369 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{63029C1F-EC6A-41DC-9D13-8BF5104E02D2}_Large.jpg
[2011/12/06 13:34:33 | 000,002,449 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{63029C1F-EC6A-41DC-9D13-8BF5104E02D2}_Small.jpg
[2011/12/06 13:33:09 | 000,006,740 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Large.jpg
[2011/12/06 13:33:09 | 000,001,938 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Small.jpg
[2011/12/06 13:31:07 | 000,009,125 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{2DD20492-6530-47C6-AF47-7C18B10BF8C6}_Large.jpg
[2011/12/06 13:31:07 | 000,002,488 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{2DD20492-6530-47C6-AF47-7C18B10BF8C6}_Small.jpg
[2011/12/06 13:30:43 | 000,012,010 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E9139D03-A65B-40DD-8236-9C39F5EEB8AB}_Large.jpg
[2011/12/06 13:30:43 | 000,002,872 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E9139D03-A65B-40DD-8236-9C39F5EEB8AB}_Small.jpg
[2011/12/06 13:29:30 | 000,011,999 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5CF855DB-24FC-421B-AE49-74BFF4A696E6}_Large.jpg
[2011/12/06 13:29:30 | 000,002,780 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5CF855DB-24FC-421B-AE49-74BFF4A696E6}_Small.jpg
[2011/12/06 13:29:05 | 000,013,651 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5EA4A270-57CE-4680-9AAB-1FA2C96FA31E}_Large.jpg
[2011/12/06 13:29:05 | 000,002,035 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{5EA4A270-57CE-4680-9AAB-1FA2C96FA31E}_Small.jpg
[2011/12/06 13:26:51 | 000,010,487 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{B8F1E00B-6B8D-4B9A-AC3A-18DB45319F4C}_Large.jpg
[2011/12/06 13:26:51 | 000,002,326 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{B8F1E00B-6B8D-4B9A-AC3A-18DB45319F4C}_Small.jpg
[2011/12/06 13:24:53 | 000,008,706 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{05196D47-3BED-4B3E-979B-50A1402EC18B}_Large.jpg
[2011/12/06 13:24:53 | 000,001,950 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{05196D47-3BED-4B3E-979B-50A1402EC18B}_Small.jpg
[2011/12/06 13:24:32 | 000,009,617 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{79942F71-666B-43E0-97EB-4DB9B691E316}_Large.jpg
[2011/12/06 13:24:32 | 000,002,495 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{79942F71-666B-43E0-97EB-4DB9B691E316}_Small.jpg
[2011/12/06 13:22:35 | 000,010,308 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{01DF94CD-2CB7-46CC-BC08-7BE95920948C}_Large.jpg
[2011/12/06 13:22:35 | 000,002,722 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{01DF94CD-2CB7-46CC-BC08-7BE95920948C}_Small.jpg
[2011/12/06 13:22:16 | 000,010,494 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{7255E7DB-FAFD-4578-85A3-21C06A3F8363}_Large.jpg
[2011/12/06 13:22:16 | 000,002,535 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{7255E7DB-FAFD-4578-85A3-21C06A3F8363}_Small.jpg
[2011/12/06 13:22:13 | 000,010,515 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E95D292B-9199-44FF-B956-A3DFC3219989}_Large.jpg
[2011/12/06 13:22:13 | 000,002,769 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{E95D292B-9199-44FF-B956-A3DFC3219989}_Small.jpg
[2011/12/06 13:21:53 | 000,007,085 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{83970D40-BE13-4B84-92D1-ECCF4D6ABF7D}_Large.jpg
[2011/12/06 13:21:53 | 000,001,743 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{83970D40-BE13-4B84-92D1-ECCF4D6ABF7D}_Small.jpg
[2011/12/06 13:21:28 | 000,008,646 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{15981066-537A-4845-9E26-3D375BFF36CF}_Large.jpg
[2011/12/06 13:21:28 | 000,002,145 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{15981066-537A-4845-9E26-3D375BFF36CF}_Small.jpg
[2011/06/30 23:48:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/06/30 23:48:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011/06/30 23:39:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/06/30 23:39:15 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2011/06/30 16:22:01 | 000,004,972 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2011/06/30 15:42:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 21:42:23 | 000,001,940 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/05 18:39:48 | 000,007,052 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\d3d9caps.dat
[2010/01/15 22:05:09 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/09/10 19:06:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 19:06:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/25 21:58:10 | 000,329,728 | ---- | C] () -- C:\Windows\Wfrmsrv.exe
[2009/05/13 20:58:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 18:51:24 | 000,077,824 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 18:49:51 | 000,024,944 | ---- | C] () -- C:\Users\Kimphuong\AppData\Roaming\wklnhst.dat
[2009/05/05 23:52:22 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/05/05 23:52:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/05/05 23:52:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/05 23:47:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 21:53:01 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 21:53:01 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 21:53:01 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 21:53:01 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 21:53:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 21:53:01 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 21:53:01 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 21:53:01 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 21:53:01 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 21:53:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 21:53:01 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 21:53:01 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 21:53:01 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 21:53:01 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 21:53:01 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 21:53:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 21:53:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 21:53:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 21:53:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 21:53:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 21:53:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 21:52:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 21:52:58 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/05 21:23:42 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 17:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/19 02:32:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbuinsr.dll
[2007/02/19 02:32:30 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbucur.dll
[2007/02/19 02:32:08 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbujswr.dll
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbucub.dll
[2007/02/19 02:29:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbucu.dll
[2007/02/19 02:29:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbuins.dll
[2007/02/19 02:28:10 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbuutil.dll
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbucoin.dll
[2007/01/22 07:19:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbucfg.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,424,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbuvs.dll
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbucnv4.dll

========== LOP Check ==========

[2011/11/16 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/19 09:18:21 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Downloaded Installations
[2011/06/30 19:43:56 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ImTOO
[2011/06/30 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Leawo
[2011/06/30 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Leawo Video2AVI v2
[2010/11/05 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\LimeWire
[2011/06/30 16:22:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\MOVAVI
[2011/06/30 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Moyea
[2009/08/30 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\MusicNet
[2011/12/09 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Nitro PDF
[2011/02/09 10:35:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ooVoo Details
[2011/05/28 14:25:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\OpenCandy
[2011/11/16 09:08:57 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\PDFlite
[2011/05/27 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Registry Mechanic
[2009/05/13 18:49:52 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Template
[2010/05/19 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2012/01/04 22:31:42 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/03 10:23:25 | 011,368,458 | ---- | M] ()(C:\Users\Kimphuong\Documents\???? (??).mp3) -- C:\Users\Kimphuong\Documents\빙글빙글 (나미).mp3
[2011/12/03 10:21:58 | 007,464,960 | ---- | M] ()(C:\Users\Kimphuong\Documents\?? ???? ?? (???).mp3) -- C:\Users\Kimphuong\Documents\크게 라디오를 켜고 (시나위).mp3
[2011/12/03 10:21:26 | 008,308,746 | ---- | M] ()(C:\Users\Kimphuong\Documents\???? (???).mp3) -- C:\Users\Kimphuong\Documents\빗속에서 (이문세).mp3
[2011/12/03 10:20:15 | 010,733,297 | ---- | M] ()(C:\Users\Kimphuong\Documents\?? ??(?????).mp3) -- C:\Users\Kimphuong\Documents\붉은 노을(나는가수다).mp3
[2011/12/03 10:19:22 | 008,308,746 | ---- | C] ()(C:\Users\Kimphuong\Documents\???? (???).mp3) -- C:\Users\Kimphuong\Documents\빗속에서 (이문세).mp3
[2011/12/03 10:17:35 | 011,368,458 | ---- | C] ()(C:\Users\Kimphuong\Documents\???? (??).mp3) -- C:\Users\Kimphuong\Documents\빙글빙글 (나미).mp3
[2011/12/03 10:16:27 | 010,733,297 | ---- | C] ()(C:\Users\Kimphuong\Documents\?? ??(?????).mp3) -- C:\Users\Kimphuong\Documents\붉은 노을(나는가수다).mp3
[2011/12/03 10:15:24 | 007,464,960 | ---- | C] ()(C:\Users\Kimphuong\Documents\?? ???? ?? (???).mp3) -- C:\Users\Kimphuong\Documents\크게 라디오를 켜고 (시나위).mp3
[2011/10/09 23:31:54 | 000,840,192 | ---- | M] ()(C:\Users\Kimphuong\Documents\N?i Quy.ppt) -- C:\Users\Kimphuong\Documents\Nội Quy.ppt
[2011/10/09 23:31:50 | 000,840,192 | ---- | C] ()(C:\Users\Kimphuong\Documents\N?i Quy.ppt) -- C:\Users\Kimphuong\Documents\Nội Quy.ppt
[2009/12/29 21:26:48 | 001,959,529 | ---- | M] ()(C:\Users\Kimphuong\Documents\TNTT Đ?ng Ph?c.docx) -- C:\Users\Kimphuong\Documents\TNTT Đồng Phục.docx
[2009/12/29 21:25:34 | 001,959,529 | ---- | C] ()(C:\Users\Kimphuong\Documents\TNTT Đ?ng Ph?c.docx) -- C:\Users\Kimphuong\Documents\TNTT Đồng Phục.docx
[2009/07/26 19:35:55 | 000,026,112 | ---- | M] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG 1.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG 1.doc
[2009/07/26 19:35:54 | 000,026,112 | ---- | C] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG 1.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG 1.doc
[2009/07/26 08:34:16 | 000,026,112 | ---- | M] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG.doc
[2009/07/26 08:34:15 | 000,026,112 | ---- | C] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Kimphuong\Documents\Why-Can-t-We-Be-Friends.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Kimphuong\Documents\Give Me Everything (Tonight) - Pitbull Ft. Ne-Yo.mp3:TOC.WMV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

Advertisements

#2
KP Nguyen
Posted 05 January 2012 - 03:07 PM

KP Nguyen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Now Norton says it's detected FakeCloudAV2012. Please help
  • 0

#3
Essexboy
Posted 05 January 2012 - 03:41 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can clear the way for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/02/08 19:49:19 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2010/02/08 19:49:26 | 000,000,000 | ---D | M]
    [2010/02/08 19:49:26 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (StartNow.com)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (StartNow.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [Wfrmsrv] C:\Windows\Wfrmsrv.exe ()
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O37 - HKCU\...exe [@ = 18L] -- "C:\Users\KIMPHU~1\AppData\Local\Temp\sconmxeraw.exe" -a "%1" %* (Microsoft Corporation)
    [2012/01/04 22:23:47 | 000,000,000 | -HS- | M] () -- C:\Users\Kimphuong\AppData\Local\bsc7o1i0dbmi
    [2012/01/04 00:47:48 | 000,010,336 | -HS- | M] () -- C:\ProgramData\bsc7o1i0dbmi
    [2011/05/28 14:25:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\OpenCandy

    :Files
    ipconfig /flushdns /c
    C:\Program Files\MyWebSearch
    C:\Program Files\StartNow Toolbar

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#4
KP Nguyen
Posted 05 January 2012 - 04:37 PM

KP Nguyen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the Help Essexboy. Heres the OTL after the scan after reboot.

OTL logfile created on: 1/5/2012 4:30:34 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimphuong\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.14% Memory free
6.12 Gb Paging File | 4.56 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 158.79 Gb Free Space | 55.13% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.77 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

Computer Name: KIMPHUONG-PC | User Name: Kimphuong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 11:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/09/21 18:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/07/06 11:12:22 | 000,210,144 | ---- | M] () -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe
PRC - [2011/01/25 09:07:44 | 022,504,120 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 14:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/01/29 23:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 16:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/22 03:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 22:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/25 05:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 05:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 05:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 05:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/31 11:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/04 13:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/19 09:43:30 | 000,438,403 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/01/20 20:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/09/21 12:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 12:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbucoms.exe
PRC - [2003/03/29 11:52:02 | 000,102,400 | ---- | M] (Hoi Chuyen Gia Viet Nam) -- C:\Program Files\Vpskeys\VPSKEYS.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/14 16:30:12 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\20b730293740ca779552bdb6fa0b650e\MenuSkinning.ni.dll
MOD - [2011/10/14 16:29:30 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\77e2e010d880be3d9d1a38c400a9bb7c\VistaBridgeLibrary.ni.dll
MOD - [2011/10/14 16:29:23 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/14 16:29:19 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\53310c02d109b1981d817d4b21d2770a\DellDock.ni.exe
MOD - [2011/10/14 16:29:16 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\9da54ae40eef7103114335191945aafb\MyDock.Util.ni.dll
MOD - [2011/10/14 16:28:40 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll
MOD - [2011/10/14 16:28:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 16:27:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/13 22:02:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 22:01:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:01:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 21:58:06 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:57:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/12/17 22:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 22:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 22:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 22:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 22:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files\Dell Video Chat\SDL.dll
MOD - [2008/11/03 08:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008/05/19 15:47:00 | 000,450,560 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
MOD - [2007/09/21 12:32:18 | 002,035,712 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\libmysql.dll
MOD - [2003/03/29 12:03:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Vpskeys\VPSKM32.DLL
MOD - [2003/03/29 11:51:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Vpskeys\VPSKH32.DLL
MOD - [2003/03/29 11:51:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Vpskeys\VPSVNL32.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Updater Service for StartNow Toolbar)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/21 18:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/07/06 11:12:22 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/05/05 21:30:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 16:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 20:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 20:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/21 12:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 12:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/10 20:04:24 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 18:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/09/21 18:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - [2011/09/21 18:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120104.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120105.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120105.007\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/22 01:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 01:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 01:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 01:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 01:28:07 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/20 10:31:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/01/19 06:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 06:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 03:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/22 03:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/21 05:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{F6CE0040-33AA1442-05040104})
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/08/25 05:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 04:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 04:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 05:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 05:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 05:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/17 10:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://m.www.yahoo.com/?r0=1263615215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...60387738895718"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Kimphuong\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 08:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 16:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/06/02 00:32:40 | 000,000,000 | ---D | M]

[2009/08/27 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Extensions
[2009/08/27 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/25 15:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\extensions
[2011/11/16 01:14:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/16 01:14:40 | 000,002,207 | ---- | M] () -- C:\Users\Kimphuong\AppData\Roaming\Mozilla\Firefox\Profiles\tvw24wa3.default\searchplugins\MyStart Search.xml
[2012/01/05 16:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 23:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/19 23:26:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
File not found (No name found) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/01/05 16:18:44 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/06/24 18:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 22:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Kimphuong\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/05 15:54:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll (PDFLite)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll (PDFLite)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [VPSKEYS] C:\Program Files\Vpskeys\VPSKEYS.EXE (Hoi Chuyen Gia Viet Nam)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - Startup: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm431YYUS File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE957CD-D169-45DC-9A39-BE9F50550276}: DhcpNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E09F98-8191-4533-98AA-DE2AF70709EE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kimphuong\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{26bd5a65-07b5-11e1-a0b8-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{26bd5a65-07b5-11e1-a0b8-002219e9c4ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4d191c86-dc38-11de-aa17-002219e8ae1e}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{522c729a-f80b-11e0-b4f3-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{522c729a-f80b-11e0-b4f3-002219e9c4ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{55b14351-2fad-11df-8464-002219e8ae1e}\Shell - "" = AutoRun
O33 - MountPoints2\{55b14351-2fad-11df-8464-002219e8ae1e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cc686c57-4171-11e0-bb36-002219e9c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{cc686c57-4171-11e0-bb36-002219e9c4ac}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{fd4c1526-89f5-11de-a763-002219e8ae1e}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4c1526-89f5-11de-a763-002219e8ae1e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 15:53:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/05 11:35:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
[2012/01/03 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Kimphuong\Documents\Tet Dragon 2012
[2011/12/13 23:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/13 23:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/07/26 16:16:47 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Kimphuong\AppData\Roaming\DataSafeDotNet.exe
[2007/02/28 18:38:18 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbucoms.exe
[2007/02/28 18:38:18 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbuih.exe
[2007/02/28 18:38:16 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbucfg.exe
[2007/01/30 09:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbupmui.dll
[2007/01/30 09:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbuserv.dll
[2007/01/30 09:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbucomm.dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbulmpm.dll
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbuiesc.dll
[2007/01/30 09:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbupplc.dll
[2007/01/30 09:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbucomc.dll
[2007/01/30 09:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbuprox.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbuinpa.dll
[2007/01/30 09:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbuusb1.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbuhbn3.dll
[2 C:\Users\Kimphuong\Documents\*.tmp files -> C:\Users\Kimphuong\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 16:22:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 16:18:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 16:18:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 16:18:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 16:17:32 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 15:54:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/05 15:48:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 11:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimphuong\Desktop\OTL.exe
[2012/01/02 21:37:14 | 000,007,052 | ---- | M] () -- C:\Users\Kimphuong\AppData\Local\d3d9caps.dat
[2011/12/30 22:30:39 | 006,080,931 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Never Told you.mp3
[2011/12/30 22:29:13 | 000,005,540 | -HS- | M] () -- C:\Users\Kimphuong\Documents\Folder.jpg
[2011/12/30 22:29:13 | 000,005,540 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Large.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArtSmall.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Small.jpg
[2011/12/30 22:28:11 | 005,344,962 | ---- | M] () -- C:\Users\Kimphuong\Documents\Amazing Grace (My Chains Are Gone).mp3
[2011/12/30 22:27:54 | 000,008,580 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Large.jpg
[2011/12/30 22:27:49 | 000,002,194 | -HS- | M] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Small.jpg
[2011/12/21 21:44:54 | 006,823,181 | ---- | M] () -- C:\Users\Kimphuong\Documents\A Thousand Years.mp3
[2011/12/21 21:44:05 | 005,911,843 | ---- | M] () -- C:\Users\Kimphuong\Documents\Realize.mp3
[2011/12/21 21:43:33 | 004,571,952 | ---- | M] () -- C:\Users\Kimphuong\Documents\Lucky.mp3
[2011/12/21 21:42:14 | 003,704,155 | ---- | M] () -- C:\Users\Kimphuong\Documents\Who You Are.mp3
[2011/12/21 21:39:17 | 008,951,319 | ---- | M] () -- C:\Users\Kimphuong\Documents\Price Tag.mp3
[2011/12/21 21:28:45 | 003,540,159 | ---- | M] () -- C:\Users\Kimphuong\Documents\Better With The Lights Off.mp3
[2011/12/21 21:28:34 | 005,041,446 | ---- | M] () -- C:\Users\Kimphuong\Documents\I Can't Make You Love Me.mp3
[2011/12/21 21:09:41 | 004,127,662 | ---- | M] () -- C:\Users\Kimphuong\Documents\It Will Rain.mp3
[2011/12/21 21:07:21 | 003,711,172 | ---- | M] () -- C:\Users\Kimphuong\Documents\show it.mp3
[2011/12/21 21:07:08 | 005,814,205 | ---- | M] () -- C:\Users\Kimphuong\Documents\Say (All I Need).mp3
[2011/12/16 03:43:59 | 000,424,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 19:55:19 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/15 10:13:32 | 005,408,130 | ---- | M] () -- C:\Users\Kimphuong\Documents\be my baby.mp3
[2011/12/13 23:12:46 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/11 01:56:21 | 020,511,917 | ---- | M] () -- C:\Users\Kimphuong\Desktop\UNICEF Tap Project 2011.flv
[2 C:\Users\Kimphuong\Documents\*.tmp files -> C:\Users\Kimphuong\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 22:29:13 | 000,005,540 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Large.jpg
[2011/12/30 22:29:13 | 000,001,374 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{8E7C75D3-3E48-4C0C-86C1-0B70A227787B}_Small.jpg
[2011/12/30 22:27:58 | 000,008,580 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Large.jpg
[2011/12/30 22:27:58 | 000,002,194 | -HS- | C] () -- C:\Users\Kimphuong\Documents\AlbumArt_{F7D4951E-E15D-489E-92CC-0B7719F6221D}_Small.jpg
[2011/12/21 21:44:03 | 006,823,181 | ---- | C] () -- C:\Users\Kimphuong\Documents\A Thousand Years.mp3
[2011/12/21 21:42:54 | 005,911,843 | ---- | C] () -- C:\Users\Kimphuong\Documents\Realize.mp3
[2011/12/21 21:42:38 | 004,571,952 | ---- | C] () -- C:\Users\Kimphuong\Documents\Lucky.mp3
[2011/12/21 21:42:01 | 006,080,931 | ---- | C] () -- C:\Users\Kimphuong\Documents\I Never Told you.mp3
[2011/12/21 21:40:29 | 003,704,155 | ---- | C] () -- C:\Users\Kimphuong\Documents\Who You Are.mp3
[2011/12/21 21:34:11 | 008,951,319 | ---- | C] () -- C:\Users\Kimphuong\Documents\Price Tag.mp3
[2011/12/21 21:27:06 | 005,041,446 | ---- | C] () -- C:\Users\Kimphuong\Documents\I Can't Make You Love Me.mp3
[2011/12/21 21:24:04 | 003,540,159 | ---- | C] () -- C:\Users\Kimphuong\Documents\Better With The Lights Off.mp3
[2011/12/21 21:09:35 | 004,127,662 | ---- | C] () -- C:\Users\Kimphuong\Documents\It Will Rain.mp3
[2011/12/21 21:05:54 | 005,814,205 | ---- | C] () -- C:\Users\Kimphuong\Documents\Say (All I Need).mp3
[2011/12/15 10:03:38 | 005,408,130 | ---- | C] () -- C:\Users\Kimphuong\Documents\be my baby.mp3
[2011/12/15 10:03:10 | 003,711,172 | ---- | C] () -- C:\Users\Kimphuong\Documents\show it.mp3
[2011/12/13 23:12:46 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/11 01:52:05 | 020,511,917 | ---- | C] () -- C:\Users\Kimphuong\Desktop\UNICEF Tap Project 2011.flv
[2011/06/30 23:48:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/06/30 23:48:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011/06/30 23:39:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/06/30 23:39:15 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2011/06/30 16:22:01 | 000,004,972 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2011/06/30 15:42:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 21:42:23 | 000,001,940 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/05 18:39:48 | 000,007,052 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\d3d9caps.dat
[2010/01/15 22:05:09 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/09/10 19:06:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 19:06:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/13 20:58:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 18:51:24 | 000,077,824 | ---- | C] () -- C:\Users\Kimphuong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 18:49:51 | 000,024,944 | ---- | C] () -- C:\Users\Kimphuong\AppData\Roaming\wklnhst.dat
[2009/05/05 23:52:22 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/05/05 23:52:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/05/05 23:52:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/05 23:47:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 21:53:01 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 21:53:01 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 21:53:01 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 21:53:01 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 21:53:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 21:53:01 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 21:53:01 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 21:53:01 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 21:53:01 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 21:53:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 21:53:01 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 21:53:01 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 21:53:01 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 21:53:01 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 21:53:01 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 21:53:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 21:53:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 21:53:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 21:53:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 21:53:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 21:53:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 21:52:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 21:52:58 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/05 21:23:42 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 17:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/19 02:32:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbuinsr.dll
[2007/02/19 02:32:30 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbucur.dll
[2007/02/19 02:32:08 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbujswr.dll
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbucub.dll
[2007/02/19 02:29:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbucu.dll
[2007/02/19 02:29:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbuins.dll
[2007/02/19 02:28:10 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbuutil.dll
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbucoin.dll
[2007/01/22 07:19:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbucfg.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,424,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbuvs.dll
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbucnv4.dll

========== LOP Check ==========

[2011/11/16 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/19 09:18:21 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Downloaded Installations
[2011/06/30 19:43:56 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ImTOO
[2011/06/30 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Leawo
[2011/06/30 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Leawo Video2AVI v2
[2010/11/05 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\LimeWire
[2011/06/30 16:22:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\MOVAVI
[2011/06/30 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Moyea
[2009/08/30 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\MusicNet
[2011/12/09 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Nitro PDF
[2011/02/09 10:35:03 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ooVoo Details
[2011/11/16 09:08:57 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\PDFlite
[2011/05/27 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Registry Mechanic
[2009/05/13 18:49:52 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\Template
[2010/05/19 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kimphuong\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2012/01/05 16:15:47 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/03 10:23:25 | 011,368,458 | ---- | M] ()(C:\Users\Kimphuong\Documents\???? (??).mp3) -- C:\Users\Kimphuong\Documents\빙글빙글 (나미).mp3
[2011/12/03 10:21:58 | 007,464,960 | ---- | M] ()(C:\Users\Kimphuong\Documents\?? ???? ?? (???).mp3) -- C:\Users\Kimphuong\Documents\크게 라디오를 켜고 (시나위).mp3
[2011/12/03 10:21:26 | 008,308,746 | ---- | M] ()(C:\Users\Kimphuong\Documents\???? (???).mp3) -- C:\Users\Kimphuong\Documents\빗속에서 (이문세).mp3
[2011/12/03 10:20:15 | 010,733,297 | ---- | M] ()(C:\Users\Kimphuong\Documents\?? ??(?????).mp3) -- C:\Users\Kimphuong\Documents\붉은 노을(나는가수다).mp3
[2011/12/03 10:19:22 | 008,308,746 | ---- | C] ()(C:\Users\Kimphuong\Documents\???? (???).mp3) -- C:\Users\Kimphuong\Documents\빗속에서 (이문세).mp3
[2011/12/03 10:17:35 | 011,368,458 | ---- | C] ()(C:\Users\Kimphuong\Documents\???? (??).mp3) -- C:\Users\Kimphuong\Documents\빙글빙글 (나미).mp3
[2011/12/03 10:16:27 | 010,733,297 | ---- | C] ()(C:\Users\Kimphuong\Documents\?? ??(?????).mp3) -- C:\Users\Kimphuong\Documents\붉은 노을(나는가수다).mp3
[2011/12/03 10:15:24 | 007,464,960 | ---- | C] ()(C:\Users\Kimphuong\Documents\?? ???? ?? (???).mp3) -- C:\Users\Kimphuong\Documents\크게 라디오를 켜고 (시나위).mp3
[2011/10/09 23:31:54 | 000,840,192 | ---- | M] ()(C:\Users\Kimphuong\Documents\N?i Quy.ppt) -- C:\Users\Kimphuong\Documents\Nội Quy.ppt
[2011/10/09 23:31:50 | 000,840,192 | ---- | C] ()(C:\Users\Kimphuong\Documents\N?i Quy.ppt) -- C:\Users\Kimphuong\Documents\Nội Quy.ppt
[2009/12/29 21:26:48 | 001,959,529 | ---- | M] ()(C:\Users\Kimphuong\Documents\TNTT Đ?ng Ph?c.docx) -- C:\Users\Kimphuong\Documents\TNTT Đồng Phục.docx
[2009/12/29 21:25:34 | 001,959,529 | ---- | C] ()(C:\Users\Kimphuong\Documents\TNTT Đ?ng Ph?c.docx) -- C:\Users\Kimphuong\Documents\TNTT Đồng Phục.docx
[2009/07/26 19:35:55 | 000,026,112 | ---- | M] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG 1.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG 1.doc
[2009/07/26 19:35:54 | 000,026,112 | ---- | C] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG 1.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG 1.doc
[2009/07/26 08:34:16 | 000,026,112 | ---- | M] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG.doc
[2009/07/26 08:34:15 | 000,026,112 | ---- | C] ()(C:\Users\Kimphuong\Documents\BÁNH B̉ NU?NG.doc) -- C:\Users\Kimphuong\Documents\BÁNH B̉ NƯỚNG.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Kimphuong\Documents\Why-Can-t-We-Be-Friends.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Kimphuong\Documents\Give Me Everything (Tonight) - Pitbull Ft. Ne-Yo.mp3:TOC.WMV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#5
Essexboy
Posted 05 January 2012 - 04:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once Malwarebytes has finished can you let me know what problems you are having
  • 0

#6
KP Nguyen
Posted 05 January 2012 - 05:04 PM

KP Nguyen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the log from Malwarebytes after the Quick Scan and computer restart. I haven't seen any problems but I just restarted the computer. Should I attempt to scan on Norton to make sure? Thanks a lot for the help. :)

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kimphuong :: KIMPHUONG-PC [administrator]

Protection: Enabled

1/5/2012 4:42:18 PM
mbam-log-2012-01-05 (16-42-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193951
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Detected: 119
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKCU\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebse...?p=ZJxdm431YYUS -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Kimphuong\Downloads\cnet2_setup-cnet_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
  • 0

#7
Essexboy
Posted 06 January 2012 - 12:18 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Most of that was mywebserach remnants and the CNET downloader.. As an aside I never use that site now due to the wrapper they use

Sure run a quick Norton scan and let me know if it finds anything
  • 0

#8
Essexboy
Posted 10 January 2012 - 04:00 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#9
Essexboy
Posted 12 January 2012 - 02:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP