A little help please



#1
check12

Could someone please tell me if anything suspicious is running here (please see screenshot of processes).

If so, any brief info about the malware/spyware would be much appreciated.

Thanks.

OTL logfile created on: 08/10/2013 22:59:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.41% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 16.50 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive D: | 93.17 Gb Total Space | 17.48 Gb Free Space | 18.76% Space Free | Partition Type: NTFS

Computer Name: EU4DPJ12ERS95ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 22:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/10/01 07:12:08 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/13 16:07:35 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/24 20:59:28 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/06 00:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/28 16:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/03/28 16:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/02/05 15:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/12/28 08:26:36 | 001,432,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK02N\STK02NM.exe
PRC - [2007/03/21 18:38:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK02H\STK02HM.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 07:12:07 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/11 15:44:18 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/04/08 11:14:59 | 017,490,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\94e19e415fd9426fe444235f56cdb9fe\Kies.Theme.ni.dll
MOD - [2013/04/08 11:14:57 | 000,306,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\808b449cf795fb003653acbd7fddd7ae\DummyStorePlugin.ni.dll
MOD - [2013/04/08 11:14:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\30f6666888027eadeb727a7b0a8d9acf\DevicePodcast.ni.dll
MOD - [2013/04/08 11:14:53 | 000,288,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\12f2b0fbd7bd7911cba6f527ee77ad76\DeviceVideo.ni.dll
MOD - [2013/04/08 11:14:52 | 000,338,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\95c0b1e0159893898e31d989ef0eb995\DevicePhoto.ni.dll
MOD - [2013/04/08 11:14:50 | 000,296,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\de388c545a2a2d1613328f8c30e67efd\DeviceMusic.ni.dll
MOD - [2013/04/08 11:14:49 | 000,453,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\3862b9dbe895bcd0bf59fe810d2c77f9\VideoManager.ni.dll
MOD - [2013/04/08 11:14:47 | 000,747,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\471348950618a60f2c0391778b292d54\PhotoManager.ni.dll
MOD - [2013/04/08 11:14:44 | 001,929,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\33519f9eb63e294f519b4ecd3cacc962\Phonebook.ni.dll
MOD - [2013/04/08 11:14:38 | 000,909,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\9fb603c21834a60dc0a7f1ecc2bbc562\MusicManager.ni.dll
MOD - [2013/04/08 11:14:35 | 000,394,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\458adc14c790a8d93d88868d8fe5eb98\BATPlugin.ni.dll
MOD - [2013/04/08 11:14:33 | 000,512,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\180d111a1c0767db67f4226904a5ec12\Kies.Common.MediaDB.ni.dll
MOD - [2013/04/08 11:14:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\c56909d17c3f04acba5e8119e8ae50f6\Kies.Common.StoreManager.ni.dll
MOD - [2013/04/08 11:14:31 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6c0c99b7483c5597fd4d8e19d2b6d995\Kies.Common.AllShare.ni.dll
MOD - [2013/04/08 11:14:30 | 000,066,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\b6c474fd4d6fd6fe4eebf4ee7a87ae64\Kies.Common.DBManager.ni.dll
MOD - [2013/04/08 11:14:29 | 000,108,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\7f5bb6a12793c853a9fd6396f90d0055\Kies.Common.CRMManager.ni.dll
MOD - [2013/04/08 11:14:28 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\214c39331525116bba5aa03ef2d72096\Kies.Common.MainUI.ni.dll
MOD - [2013/04/08 11:14:27 | 000,281,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\da1135b01c9e94871515a84a1942684b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/04/08 11:14:26 | 000,189,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\95a82c021d10eacdc9f584cfd29c14b8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/04/08 11:14:25 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\97de05e69f5a5299af5ed294209482dd\Interop.DevFileServiceLib.ni.dll
MOD - [2013/04/08 11:14:24 | 000,574,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d40688708bafeb2dc4fc027e3045ee20\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/04/08 11:14:22 | 001,164,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b5fd979db1a546a678287c1989a6d785\Kies.Common.DeviceService.ni.dll
MOD - [2013/04/08 11:14:18 | 001,087,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\cecb890c70c91319e7004c3614879968\Podcaster.ni.dll
MOD - [2013/04/08 11:14:14 | 000,689,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\e2016333f3ce241a803f9e1e85c782e3\DeviceCommonLib.ni.dll
MOD - [2013/04/08 11:14:12 | 000,714,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\9175042f06d42fae829346f2aa423184\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/04/08 11:13:57 | 000,915,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a96d3089ac68f9d1e90ad36cbed9e119\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/04/08 11:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bf79b7034e223dd5e0170629b2692670\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/04/08 11:13:53 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\62e3b1d0cea30bda0b2f0c77e9bd1e62\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/04/08 11:13:52 | 002,168,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\6d94ce7898dc2630b3870980417cbc11\Kies.Common.Multimedia.ni.dll
MOD - [2013/04/08 11:13:46 | 000,185,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\55e78adde8d1123e261f68d417152622\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/04/08 11:13:45 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\973c4296a1a0dfbba79209b3fbcfc526\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/04/08 11:13:33 | 006,760,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\0b5b4e0a3d64e4a0837c8b62301fa38f\DeviceHost.ni.dll
MOD - [2013/04/08 11:13:16 | 000,279,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\c4e3223a03b5e7cdfa06ad8e38cc4e53\Kies.Common.Util.ni.dll
MOD - [2013/04/08 11:13:14 | 001,618,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\d69cedda622b078dcff178aee52829c6\Kies.Locale.ni.dll
MOD - [2013/04/08 11:13:13 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\c2daac9e10649e5ebe9f16944eee7d5d\Kies.MVVM.ni.dll
MOD - [2013/04/08 11:13:12 | 001,813,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\059133cff6d55bf31188c1fa426cf79b\Kies.UI.ni.dll
MOD - [2013/04/08 11:13:08 | 001,252,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\dd05013f61b2c59460e6bd777864e427\Kies.Interface.ni.dll
MOD - [2013/04/08 11:13:04 | 002,065,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\8573eb5e1bac6f0ad5f0b71873365d7a\Kies.ni.exe
MOD - [2013/03/20 19:28:28 | 000,231,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cb34d3670a2c8a087d1e2e76e2d24d90\ASF_cSharpAPI.ni.dll
MOD - [2013/03/20 19:12:14 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\264c1653641f1c23c69360519b509335\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/03/20 19:12:14 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\59b4b3f2d5220d5d211f2d2ee1171127\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/03/20 19:12:11 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\c554f87102e1b75c73c850530b16a5b6\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/03/20 19:10:27 | 000,394,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\bf7d84702d92e3ab0f320a82d16c9a4a\CabLib.ni.dll
MOD - [2013/03/20 19:10:21 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\695a202ec9b010e9f1aa04b1ba81004e\Interop.DeviceSearchLib.ni.dll
MOD - [2013/03/20 19:10:01 | 000,154,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\d7c5594e092123d20a438d56e5ff15cb\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/03/14 03:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/14 06:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/04/09 12:36:28 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
MOD - [2011/04/09 12:36:11 | 000,767,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9a7bb1e3cbae28550d7e796e9162dc58\System.Runtime.Remoting.ni.dll
MOD - [2011/04/09 12:35:12 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011/04/09 01:27:34 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011/04/09 01:27:23 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011/04/09 01:27:15 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011/04/09 01:27:14 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
MOD - [2011/04/09 01:27:12 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011/04/09 01:27:05 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011/04/09 01:26:56 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2011/01/01 06:58:15 | 017,632,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c5076f9a8ecf90a4c86ac5cfcb9e5528\PresentationFramework.ni.dll
MOD - [2008/04/14 19:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 19:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/10/01 07:12:07 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 15:44:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/24 20:59:28 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 15:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\idmtdi.sys -- (IDMTDI)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2013/08/08 10:25:30 | 000,064,480 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013/02/22 14:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 14:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 15:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/01/14 14:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/11/01 01:57:54 | 000,228,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2010/08/26 12:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/04/09 13:15:50] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/08/20 10:49:08 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://th.hao123.com...hp_01_hao123_th
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://th.hao123.com...hp_01_hao123_th
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {D90F316B-087E-4B35-9D63-956DE2B2D7C9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5DFC8C2B-A1EE-4DF6-B565-4FE894CF90F9}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D90F316B-087E-4B35-9D63-956DE2B2D7C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7BFC5BAC7D-D696-4ba6-B913-CF8F000C33DF%7D:5.1.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.autoconfig_url: "https://mediahint.co...om/default.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/09 12:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/04/08 20:19:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/04/08 20:19:02 | 000,000,000 | ---D | M]

[2011/04/08 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/10/02 14:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions
[2013/03/06 08:07:19 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2013/10/02 14:47:54 | 000,322,327 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\[email protected]
[2013/08/14 17:30:13 | 000,069,465 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\[email protected]
[2013/07/31 17:06:00 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pf8wfa3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/01 07:11:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 07:11:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 07:12:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://th.hao123.com...hp_01_hao123_th
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google เอกสาร = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google ไดรฟ์ = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: ค้นหาโดย Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/09 12:20:57 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\STK02H 2.3 PNP Monitor.lnk = C:\WINDOWS\STK02H\STK02HM.exe (Syntek Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\STK02N 2.4 PNP Monitor.lnk = C:\WINDOWS\STK02N\STK02NM.exe (Syntek Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC9BD46-B9AB-4FA8-9B34-8E4F318C7F66}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/08 11:14:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 22:58:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/10/07 14:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EXTRA DESKTOP 2014
[2013/10/07 13:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TEACHING 2014
[2013/10/01 07:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/20 09:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 22:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/10/08 22:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/08 22:12:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 22:09:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/08 21:31:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 21:30:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/08 13:50:24 | 000,192,503 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Processes.jpg
[2013/10/06 05:08:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/05 11:24:55 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/03 07:32:48 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/13 13:42:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/09 12:32:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/08 13:50:22 | 000,192,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Processes.jpg
[2013/09/09 12:32:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2013/05/21 16:15:32 | 000,121,316 | ---- | C] () -- C:\WINDOWS\HPHins15.dat.temp
[2013/05/21 16:15:32 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat.temp
[2013/05/21 10:40:35 | 000,120,915 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2013/05/21 10:40:35 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2013/04/08 10:37:14 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/03/20 14:13:09 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013/03/20 14:13:09 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013/03/04 20:09:20 | 000,611,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/09 17:08:31 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 18:21:03 | 000,000,434 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/22 08:53:01 | 000,489,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-299502267-562591055-1606980848-500-0.dat
[2011/01/01 07:11:38 | 000,489,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

========== ZeroAccess Check ==========

[2011/04/08 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/28 08:27:15 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/12/28 08:26:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/09 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2013/10/07 13:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AIMP
[2013/06/02 09:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2013/04/08 10:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baidu
[2013/08/17 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baidu Security
[2013/04/08 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BaiduPcFaster
[2013/09/09 12:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitLord
[2011/04/09 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Camfrog
[2013/08/17 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dealply
[2011/04/08 19:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/10/08 21:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2013/03/04 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCTB000061107
[2013/06/25 16:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2011/04/09 01:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2013/04/08 10:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCF
[2011/04/09 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2013/08/17 19:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Python-Eggs
[2013/03/29 13:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/04/09 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2013/08/16 06:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UKTV
[2011/04/08 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2011/04/09 17:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/04/08 10:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2013/08/17 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu Security
[2013/08/17 19:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DealPlyLive
[2011/04/09 00:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2011/04/09 12:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/04/09 12:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/01 06:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/08/18 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/09 13:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/01/15 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab

========== Purity Check ==========

OTL Extras logfile created on: 08/10/2013 22:59:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.41% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 16.50 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive D: | 93.17 Gb Total Space | 17.48 Gb Free Space | 18.76% Space Free | Partition Type: NTFS

Computer Name: EU4DPJ12ERS95ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Setup-MsgPlus-501.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Setup-MsgPlus-501.exe:*:Enabled:InstallCore™
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AddThis Toolbar\TroubleShooter.exe" = C:\Program Files\AddThis Toolbar\TroubleShooter.exe:*:Enabled:AddThis Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\AddThis Toolbar\ToolbarUpdate.exe" = C:\Program Files\AddThis Toolbar\ToolbarUpdate.exe:*:Enabled:AddThis Toolbar (Update) -- (FreeCause Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" = C:\Program Files\BitLord 2\Bitlord files\bitlord.exe:*:Enabled:BitLord -- (House of Life)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F0FD47-305E-4C4D-9BE0-6D829D4CFF44}" = จดหมาย Windows Live
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = เครื่องมืออัปโหลดของ Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4908C75E-E5E2-43F7-B1DF-023CBA831054}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31F87C2-0A39-4207-BAB1-E25C87F75CBA}" = Windows Live Essentials
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAE62F77-F3F3-4E9C-BFC1-3141EC42AD8A}" = ตัวช่วยในการลงชื่อเข้าใช้ Windows Live
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Fran็ais, Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB179579-CE94-4F8F-B7B0-293BB36F4874}" = Windows Live Photo Gallery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2A1B4E7-5298-406B-A154-D9BA9AB1ECAD}" = Windows Live Messenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA48EC21-CC7C-4808-A6B9-2BE06044D2FA}" = STK02H 2.3
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.4
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F07A7F51-6572-4FE3-8D29-A5AD7AB8B99D}" = Internet Download Manager v6.01 Beta Build 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA5EDE18-A012-4AD8-A1F2-A362B164696D}" = Windows Live Sync
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AddThis Toolbar" = AddThis Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"BitLord" = BitLord 2.3
"CPLBonus" = Kels' CPL Bonus Pack!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Player" = Free FLV
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Internet Download Manager" = Internet Download Manager
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"ST6UNST #1" = Thai Translator Tool
"ST6UNST #2" = EnglishToThai
"The Logo Creator v3" = The Logo Creator v3
"UKTV" = UKTV
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = โปรแกรมจัดทำเอกสาร WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Free Internet TV_is1" = Free Internet TV v8.0
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2013 07:56:59 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 07/08/2013 01:45:50 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5010, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 07/08/2013 01:45:50 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 07/08/2013 01:45:53 | Computer Name = EU4DPJ12ERS95ID | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5010, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 12/08/2013 05:49:46 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module mso.dll, version 12.0.4518.1014, stamp 4542867b, debug? 0, fault
address 0x008f4f36.

Error - 17/08/2013 08:09:16 | Computer Name = EU4DPJ12ERS95ID | Source = MsiInstaller | ID = 11316
Description = Product: Google Update Helper -- Error 1316. A network error occurred
while attempting to read from the file: C:\Program Files\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi

[ OSession Events ]
Error - 12/08/2013 05:49:42 | Computer Name = EU4DPJ12ERS95ID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11092
seconds with 7200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/10/2013 21:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 07/10/2013 22:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 07/10/2013 23:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 00:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 01:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 02:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 03:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 04:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 05:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 08/10/2013 11:09:00 | Computer Name = EU4DPJ12ERS95ID | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402


< End of report >

Computer is based in Bangkok, Thailand.

Thanks very much for the heads up, RKinner.

Basically I'm looking to know if this computer is being tracked, has a key logger installed, stealth remote access is active and/or Skype has been hacked. Is this computer bugged (in a nutshell)?

Thanks in advance for any help/insight.

Edited by check12, 08 October 2013 - 10:46 AM.

#2
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
  • Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator).
  • Uncheck "trace disk IO calls".
  • Click the "Scan" button to start the scan (accept the Avast Engine).
  • On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
  • If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), and note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Please download Security Check by screen317 from here. BleepingComputer allows ads which mimic the download, so be careful that you click on the Download Now @BleepingComputer button and not some adware's Download button.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
