If so, any brief info about the malware/spyware would be much appreciated.
Thanks.
OTL logfile created on: 08/10/2013 22:59:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.41% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 16.50 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive D: | 93.17 Gb Total Space | 17.48 Gb Free Space | 18.76% Space Free | Partition Type: NTFS
Computer Name: EU4DPJ12ERS95ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/08 22:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/10/01 07:12:08 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/13 16:07:35 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/24 20:59:28 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/06 00:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/28 16:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/03/28 16:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/02/05 15:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/12/28 08:26:36 | 001,432,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK02N\STK02NM.exe
PRC - [2007/03/21 18:38:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK02H\STK02HM.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/01 07:12:07 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/11 15:44:18 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/04/08 11:14:59 | 017,490,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\94e19e415fd9426fe444235f56cdb9fe\Kies.Theme.ni.dll
MOD - [2013/04/08 11:14:57 | 000,306,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\808b449cf795fb003653acbd7fddd7ae\DummyStorePlugin.ni.dll
MOD - [2013/04/08 11:14:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\30f6666888027eadeb727a7b0a8d9acf\DevicePodcast.ni.dll
MOD - [2013/04/08 11:14:53 | 000,288,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\12f2b0fbd7bd7911cba6f527ee77ad76\DeviceVideo.ni.dll
MOD - [2013/04/08 11:14:52 | 000,338,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\95c0b1e0159893898e31d989ef0eb995\DevicePhoto.ni.dll
MOD - [2013/04/08 11:14:50 | 000,296,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\de388c545a2a2d1613328f8c30e67efd\DeviceMusic.ni.dll
MOD - [2013/04/08 11:14:49 | 000,453,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\3862b9dbe895bcd0bf59fe810d2c77f9\VideoManager.ni.dll
MOD - [2013/04/08 11:14:47 | 000,747,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\471348950618a60f2c0391778b292d54\PhotoManager.ni.dll
MOD - [2013/04/08 11:14:44 | 001,929,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\33519f9eb63e294f519b4ecd3cacc962\Phonebook.ni.dll
MOD - [2013/04/08 11:14:38 | 000,909,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\9fb603c21834a60dc0a7f1ecc2bbc562\MusicManager.ni.dll
MOD - [2013/04/08 11:14:35 | 000,394,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\458adc14c790a8d93d88868d8fe5eb98\BATPlugin.ni.dll
MOD - [2013/04/08 11:14:33 | 000,512,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\180d111a1c0767db67f4226904a5ec12\Kies.Common.MediaDB.ni.dll
MOD - [2013/04/08 11:14:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\c56909d17c3f04acba5e8119e8ae50f6\Kies.Common.StoreManager.ni.dll
MOD - [2013/04/08 11:14:31 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6c0c99b7483c5597fd4d8e19d2b6d995\Kies.Common.AllShare.ni.dll
MOD - [2013/04/08 11:14:30 | 000,066,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\b6c474fd4d6fd6fe4eebf4ee7a87ae64\Kies.Common.DBManager.ni.dll
MOD - [2013/04/08 11:14:29 | 000,108,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\7f5bb6a12793c853a9fd6396f90d0055\Kies.Common.CRMManager.ni.dll
MOD - [2013/04/08 11:14:28 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\214c39331525116bba5aa03ef2d72096\Kies.Common.MainUI.ni.dll
MOD - [2013/04/08 11:14:27 | 000,281,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\da1135b01c9e94871515a84a1942684b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/04/08 11:14:26 | 000,189,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\95a82c021d10eacdc9f584cfd29c14b8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/04/08 11:14:25 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\97de05e69f5a5299af5ed294209482dd\Interop.DevFileServiceLib.ni.dll
MOD - [2013/04/08 11:14:24 | 000,574,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d40688708bafeb2dc4fc027e3045ee20\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/04/08 11:14:22 | 001,164,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b5fd979db1a546a678287c1989a6d785\Kies.Common.DeviceService.ni.dll
MOD - [2013/04/08 11:14:18 | 001,087,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\cecb890c70c91319e7004c3614879968\Podcaster.ni.dll
MOD - [2013/04/08 11:14:14 | 000,689,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\e2016333f3ce241a803f9e1e85c782e3\DeviceCommonLib.ni.dll
MOD - [2013/04/08 11:14:12 | 000,714,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\9175042f06d42fae829346f2aa423184\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/04/08 11:13:57 | 000,915,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a96d3089ac68f9d1e90ad36cbed9e119\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/04/08 11:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bf79b7034e223dd5e0170629b2692670\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/04/08 11:13:53 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\62e3b1d0cea30bda0b2f0c77e9bd1e62\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/04/08 11:13:52 | 002,168,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\6d94ce7898dc2630b3870980417cbc11\Kies.Common.Multimedia.ni.dll
MOD - [2013/04/08 11:13:46 | 000,185,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\55e78adde8d1123e261f68d417152622\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/04/08 11:13:45 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\973c4296a1a0dfbba79209b3fbcfc526\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/04/08 11:13:33 | 006,760,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\0b5b4e0a3d64e4a0837c8b62301fa38f\DeviceHost.ni.dll
MOD - [2013/04/08 11:13:16 | 000,279,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\c4e3223a03b5e7cdfa06ad8e38cc4e53\Kies.Common.Util.ni.dll
MOD - [2013/04/08 11:13:14 | 001,618,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\d69cedda622b078dcff178aee52829c6\Kies.Locale.ni.dll
MOD - [2013/04/08 11:13:13 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\c2daac9e10649e5ebe9f16944eee7d5d\Kies.MVVM.ni.dll
MOD - [2013/04/08 11:13:12 | 001,813,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\059133cff6d55bf31188c1fa426cf79b\Kies.UI.ni.dll
MOD - [2013/04/08 11:13:08 | 001,252,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\dd05013f61b2c59460e6bd777864e427\Kies.Interface.ni.dll
MOD - [2013/04/08 11:13:04 | 002,065,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\8573eb5e1bac6f0ad5f0b71873365d7a\Kies.ni.exe
MOD - [2013/03/20 19:28:28 | 000,231,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cb34d3670a2c8a087d1e2e76e2d24d90\ASF_cSharpAPI.ni.dll
MOD - [2013/03/20 19:12:14 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\264c1653641f1c23c69360519b509335\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/03/20 19:12:14 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\59b4b3f2d5220d5d211f2d2ee1171127\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/03/20 19:12:11 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\c554f87102e1b75c73c850530b16a5b6\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/03/20 19:10:27 | 000,394,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\bf7d84702d92e3ab0f320a82d16c9a4a\CabLib.ni.dll
MOD - [2013/03/20 19:10:21 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\695a202ec9b010e9f1aa04b1ba81004e\Interop.DeviceSearchLib.ni.dll
MOD - [2013/03/20 19:10:01 | 000,154,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\d7c5594e092123d20a438d56e5ff15cb\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/03/14 03:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/14 06:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/04/09 12:36:28 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
MOD - [2011/04/09 12:36:11 | 000,767,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9a7bb1e3cbae28550d7e796e9162dc58\System.Runtime.Remoting.ni.dll
MOD - [2011/04/09 12:35:12 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011/04/09 01:27:34 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011/04/09 01:27:23 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011/04/09 01:27:15 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011/04/09 01:27:14 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
MOD - [2011/04/09 01:27:12 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011/04/09 01:27:05 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011/04/09 01:26:56 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2011/01/01 06:58:15 | 017,632,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c5076f9a8ecf90a4c86ac5cfcb9e5528\PresentationFramework.ni.dll
MOD - [2008/04/14 19:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 19:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - [2013/10/01 07:12:07 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 15:44:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/24 20:59:28 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 15:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\idmtdi.sys -- (IDMTDI)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2013/08/08 10:25:30 | 000,064,480 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013/02/22 14:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 14:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 15:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/01/14 14:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/11/01 01:57:54 | 000,228,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2010/08/26 12:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/04/09 13:15:50] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/08/20 10:49:08 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://th.hao123.com...hp_01_hao123_th
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://th.hao123.com...hp_01_hao123_th
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {D90F316B-087E-4B35-9D63-956DE2B2D7C9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5DFC8C2B-A1EE-4DF6-B565-4FE894CF90F9}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D90F316B-087E-4B35-9D63-956DE2B2D7C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7BFC5BAC7D-D696-4ba6-B913-CF8F000C33DF%7D:5.1.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.autoconfig_url: "https://mediahint.co...om/default.pac"
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/09 12:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/04/08 20:19:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/04/08 20:19:02 | 000,000,000 | ---D | M]
[2011/04/08 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/10/02 14:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions
[2013/03/06 08:07:19 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2013/10/02 14:47:54 | 000,322,327 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\[email protected]
[2013/08/14 17:30:13 | 000,069,465 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\[email protected]
[2013/07/31 17:06:00 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/01 07:11:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 07:12:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://th.hao123.com...hp_01_hao123_th
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google 0E400E2D0E010E2A0E320E23 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google 0E440E140E230E1F0E4C = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: 0E040E490E190E2B0E320E420E140E22 Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011/04/09 12:20:57 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\STK02H 2.3 PNP Monitor.lnk = C:\WINDOWS\STK02H\STK02HM.exe (Syntek Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\STK02N 2.4 PNP Monitor.lnk = C:\WINDOWS\STK02N\STK02NM.exe (Syntek Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC9BD46-B9AB-4FA8-9B34-8E4F318C7F66}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/08 11:14:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/08 22:58:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/10/07 14:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EXTRA DESKTOP 2014
[2013/10/07 13:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TEACHING 2014
[2013/10/01 07:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/20 09:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/08 22:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/10/08 22:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/08 22:12:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 22:09:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/08 21:31:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 21:30:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/08 13:50:24 | 000,192,503 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Processes.jpg
[2013/10/06 05:08:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/05 11:24:55 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/03 07:32:48 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/13 13:42:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/09 12:32:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/08 13:50:22 | 000,192,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Processes.jpg
[2013/09/09 12:32:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2013/05/21 16:15:32 | 000,121,316 | ---- | C] () -- C:\WINDOWS\HPHins15.dat.temp
[2013/05/21 16:15:32 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat.temp
[2013/05/21 10:40:35 | 000,120,915 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2013/05/21 10:40:35 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2013/04/08 10:37:14 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/03/20 14:13:09 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013/03/20 14:13:09 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013/03/04 20:09:20 | 000,611,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/09 17:08:31 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 18:21:03 | 000,000,434 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/22 08:53:01 | 000,489,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-299502267-562591055-1606980848-500-0.dat
[2011/01/01 07:11:38 | 000,489,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
========== ZeroAccess Check ==========
[2011/04/08 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/28 08:27:15 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/12/28 08:26:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/04/09 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2013/10/07 13:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AIMP
[2013/06/02 09:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2013/04/08 10:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baidu
[2013/08/17 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baidu Security
[2013/04/08 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BaiduPcFaster
[2013/09/09 12:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitLord
[2011/04/09 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Camfrog
[2013/08/17 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dealply
[2011/04/08 19:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/10/08 21:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2013/03/04 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCTB000061107
[2013/06/25 16:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2011/04/09 01:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2013/04/08 10:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCF
[2011/04/09 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2013/08/17 19:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Python-Eggs
[2013/03/29 13:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/04/09 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2013/08/16 06:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UKTV
[2011/04/08 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2011/04/09 17:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/04/08 10:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2013/08/17 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu Security
[2013/08/17 19:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DealPlyLive
[2011/04/09 00:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2011/04/09 12:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/04/09 12:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/01 06:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/08/18 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/09 13:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/01/15 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
========== Purity Check ==========
OTL Extras logfile created on: 08/10/2013 22:59:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.41% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 16.50 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive D: | 93.17 Gb Total Space | 17.48 Gb Free Space | 18.76% Space Free | Partition Type: NTFS
Computer Name: EU4DPJ12ERS95ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Setup-MsgPlus-501.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Setup-MsgPlus-501.exe:*:Enabled:InstallCore™
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AddThis Toolbar\TroubleShooter.exe" = C:\Program Files\AddThis Toolbar\TroubleShooter.exe:*:Enabled:AddThis Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\AddThis Toolbar\ToolbarUpdate.exe" = C:\Program Files\AddThis Toolbar\ToolbarUpdate.exe:*:Enabled:AddThis Toolbar (Update) -- (FreeCause Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" = C:\Program Files\BitLord 2\Bitlord files\bitlord.exe:*:Enabled:BitLord -- (House of Life)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F0FD47-305E-4C4D-9BE0-6D829D4CFF44}" = จดหมาย Windows Live
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = เครื่องมืออัปโหลดของ Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4908C75E-E5E2-43F7-B1DF-023CBA831054}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31F87C2-0A39-4207-BAB1-E25C87F75CBA}" = Windows Live Essentials
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAE62F77-F3F3-4E9C-BFC1-3141EC42AD8A}" = ตัวช่วยในการลงชื่อเข้าใช้ Windows Live
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Fran็ais, Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB179579-CE94-4F8F-B7B0-293BB36F4874}" = Windows Live Photo Gallery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2A1B4E7-5298-406B-A154-D9BA9AB1ECAD}" = Windows Live Messenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA48EC21-CC7C-4808-A6B9-2BE06044D2FA}" = STK02H 2.3
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.4
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F07A7F51-6572-4FE3-8D29-A5AD7AB8B99D}" = Internet Download Manager v6.01 Beta Build 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA5EDE18-A012-4AD8-A1F2-A362B164696D}" = Windows Live Sync
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AddThis Toolbar" = AddThis Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"BitLord" = BitLord 2.3
"CPLBonus" = Kels' CPL Bonus Pack!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Player" = Free FLV
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Internet Download Manager" = Internet Download Manager
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"ST6UNST #1" = Thai Translator Tool
"ST6UNST #2" = EnglishToThai
"The Logo Creator v3" = The Logo Creator v3
"UKTV" = UKTV
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = โปรแกรมจัดทำเอกสาร WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Free Internet TV_is1" = Free Internet TV v8.0
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01/08/2013 07:56:59 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 07/08/2013 01:45:50 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5010, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.
Error - 07/08/2013 01:45:50 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 07/08/2013 01:45:53 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5010, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.
Error - 12/08/2013 05:49:46 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module mso.dll, version 12.0.4518.1014, stamp 4542867b, debug? 0, fault
address 0x008f4f36.
Error - 17/08/2013 08:09:16 | Computer Name = EU4DPJ12ERS95ID | Source = MsiInstaller | ID = 11316
Description = Product: Google Update Helper -- Error 1316. A network error occurred
while attempting to read from the file: C:\Program Files\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi
[ OSession Events ]
Error - 12/08/2013 05:49:42 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11092
seconds with 7200 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07/10/2013 21:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 07/10/2013 22:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 07/10/2013 23:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 00:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 01:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 02:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 03:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 04:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 05:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 08/10/2013 11:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
< End of report >
Computer is based in Bangkok Thailand.
Thanks very much for the heads up RKinner
Basically I'm looking to know if this computer is being tracked, has a key logger installed, stealth remote access is active and or skype has been hacked. Is this computer bugged (in a nutshell)
Thanks in advance for any help/insight
Edited by check12, 08 October 2013 - 10:46 AM.