1. no more rundll error on startup, yaaaaa
2. rkreport D
RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : thanhnguyen [Admin rights]
Mode : Remove -- Date : 12/31/2013 09:11:08
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Updater26278.exe : C:\Users\thanhnguyen\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721032CLA362 ATA Device +++++
--- User ---
[MBR] 6f7fa6d2543cb65a725ff3434512af44
[BSP] f94b693582bcbe78d8cbbebfaef8565c : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 288759 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_12312013_091108.txt >>
RKreport[0]_S_12312013_063431.txt;RKreport[0]_S_12312013_090425.txt
3. rkreport SC
RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : thanhnguyen [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/31/2013 09:12:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 5 / Fail 7
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[0]_SC_12312013_091228.txt >>
RKreport[0]_D_12312013_091108.txt;RKreport[0]_S_12312013_063431.txt;RKreport[0]_S_12312013_090425.txt
4. MBAM report
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.31.06
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
thanhnguyen :: EMACHINES [administrator]
12/31/2013 9:18:04 AM
mbam-log-2013-12-31 (09-18-04).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 318819
Time elapsed: 32 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
5. ESET scan
C:\AdwCleaner\Quarantine\C\Users\thanhnguyen\AppData\LocalLow\VisualBee_V.12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A application cleaned by deleting - quarantined
C:\OLIVER\ccsetup327.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\OLIVER\ccsetup408.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\OLIVER\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
6. OTL scan
OTL logfile created on: 12/31/2013 11:02:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thanhnguyen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.34% Memory free
3.93 Gb Paging File | 2.75 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 250.39 Gb Free Space | 88.79% Space Free | Partition Type: NTFS
Computer Name: EMACHINES | User Name: thanhnguyen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/18 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
PRC - [2013/12/18 09:30:03 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/18 09:30:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/25 18:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2013/11/15 15:11:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2010/03/25 18:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 18:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/12/18 09:30:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/13 15:10:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 11:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 18:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/12/27 07:19:48 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/18 09:30:06 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/15 15:11:06 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/15 15:11:06 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\thanhnguyen\Desktop
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS460
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{D4820E3D-028A-4D15-AF7F-0A2AB1E5AC0C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{F7743156-08A6-EFA8-2B22-C14CE44F71D8}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\thanhnguyen\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/18 09:30:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/17 07:35:15 | 000,000,000 | ---D | M]
[2011/12/02 21:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Extensions
[2013/12/27 09:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions
[2013/12/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/27 09:47:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 16:53:38 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.205 192.168.1.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C43E0BB9-072C-4878-897E-F95BD2D00B47}: DhcpNameServer = 192.168.1.205 192.168.1.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81439ffe-6667-11e3-a14f-4487fcd7c4e4}\Shell - "" = AutoRun
O33 - MountPoints2\{81439ffe-6667-11e3-a14f-4487fcd7c4e4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/12/31 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/31 09:13:43 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\OLD REPORTS
[2013/12/31 06:34:27 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 06:34:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 06:34:26 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys.bak
[2013/12/31 06:34:25 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\videoprt.sys.bak
[2013/12/31 06:34:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys.bak
[2013/12/31 06:34:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbrpm.sys.bak
[2013/12/31 06:34:22 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBCAMD2.sys.bak
[2013/12/31 06:34:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys.bak
[2013/12/31 06:34:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys.bak
[2013/12/31 06:34:20 | 000,185,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys.bak
[2013/12/31 06:34:20 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys.bak
[2013/12/31 06:34:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tape.sys.bak
[2013/12/31 06:34:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tdi.sys.bak
[2013/12/31 06:34:19 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spsys.sys.bak
[2013/12/31 06:34:19 | 000,024,656 | ---- | C] (Promise Technology) -- C:\windows\SysNative\drivers\stexstor.sys.bak
[2013/12/31 06:34:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\smclib.sys.bak
[2013/12/31 06:34:17 | 000,171,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\scsiport.sys.bak
[2013/12/31 06:34:16 | 000,187,392 | ---- | C] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 06:34:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rmcast.sys.bak
[2013/12/31 06:34:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys.bak
[2013/12/31 06:34:16 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rootmdm.sys.bak
[2013/12/31 06:34:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys.bak
[2013/12/31 06:34:11 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pciidex.sys.bak
[2013/12/31 06:34:08 | 000,374,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys.bak
[2013/12/31 06:34:02 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\mcd.sys.bak
[2013/12/31 06:34:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 06:34:00 | 004,865,568 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvuvc64.sys.bak
[2013/12/31 06:34:00 | 000,351,136 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvrs64.sys.bak
[2013/12/31 06:34:00 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/31 06:33:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\irda.sys.bak
[2013/12/31 06:33:55 | 010,628,640 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys.bak
[2013/12/31 06:33:55 | 000,537,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys.bak
[2013/12/31 06:33:54 | 000,077,888 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\drivers\HpSAMD.sys.bak
[2013/12/31 06:33:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys.bak
[2013/12/31 06:33:54 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys.bak
[2013/12/31 06:33:53 | 000,288,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2013/12/31 06:33:53 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/31 06:33:53 | 000,023,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys.bak
[2013/12/31 06:33:51 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys.bak
[2013/12/31 06:33:51 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys.bak
[2013/12/31 06:33:51 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys.bak
[2013/12/31 06:33:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxg.sys.bak
[2013/12/31 06:33:51 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys.bak
[2013/12/31 06:33:51 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpata.sys.bak
[2013/12/31 06:33:51 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys.bak
[2013/12/31 06:33:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxapi.sys.bak
[2013/12/31 06:33:50 | 000,178,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys.bak
[2013/12/31 06:33:50 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys.bak
[2013/12/31 06:33:49 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys.bak
[2013/12/31 06:33:48 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\b57nd60a.sys.bak
[2013/12/31 06:33:48 | 000,155,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys.bak
[2013/12/31 06:33:48 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys.bak
[2013/12/31 06:33:47 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/31 06:33:47 | 000,106,576 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys.bak
[2013/12/31 06:33:47 | 000,028,752 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys.bak
[2013/12/31 06:33:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
[2013/12/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\RK_Quarantine
[2013/12/31 06:16:03 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/27 10:00:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/27 09:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/27 07:28:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/27 07:26:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
[2013/12/24 08:32:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\thanhnguyen\Desktop\aswMBR.exe
[2013/12/18 09:30:10 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/17 11:35:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/12/17 11:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/17 09:25:26 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2013/12/17 08:54:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/16 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Programs
[2013/12/16 08:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/16 08:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/16 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/16 08:10:05 | 000,000,000 | ---D | C] -- C:\OLIVER
[2013/12/15 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\yahoo!
[2013/12/13 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Apps
[2013/12/13 18:11:45 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Deployment
[2013/12/13 15:10:20 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 17:36:57 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Macromedia
[2013/12/05 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\emaze
[2013/12/01 15:52:33 | 000,000,000 | ---D | C] -- C:\temp
========== Files - Modified Within 30 Days ==========
[2013/12/31 10:10:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/31 09:08:30 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 09:08:30 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 09:04:22 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 09:04:21 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 09:04:21 | 000,042,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys.bak
[2013/12/31 09:04:19 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\videoprt.sys.bak
[2013/12/31 09:04:18 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys.bak
[2013/12/31 09:04:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbrpm.sys.bak
[2013/12/31 09:04:17 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys.bak
[2013/12/31 09:04:16 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBCAMD2.sys.bak
[2013/12/31 09:04:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys.bak
[2013/12/31 09:04:14 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tdi.sys.bak
[2013/12/31 09:04:13 | 000,185,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys.bak
[2013/12/31 09:04:13 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys.bak
[2013/12/31 09:04:13 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tape.sys.bak
[2013/12/31 09:04:13 | 000,024,656 | ---- | M] (Promise Technology) -- C:\windows\SysNative\drivers\stexstor.sys.bak
[2013/12/31 09:04:12 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spsys.sys.bak
[2013/12/31 09:04:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\smclib.sys.bak
[2013/12/31 09:04:11 | 000,171,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\scsiport.sys.bak
[2013/12/31 09:04:10 | 000,187,392 | ---- | M] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 09:04:10 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rmcast.sys.bak
[2013/12/31 09:04:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys.bak
[2013/12/31 09:04:10 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rootmdm.sys.bak
[2013/12/31 09:04:07 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys.bak
[2013/12/31 09:04:06 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pciidex.sys.bak
[2013/12/31 09:04:04 | 000,374,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys.bak
[2013/12/31 09:04:00 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 09:04:00 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\mcd.sys.bak
[2013/12/31 09:03:59 | 004,865,568 | ---- | M] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvuvc64.sys.bak
[2013/12/31 09:03:59 | 000,351,136 | ---- | M] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvrs64.sys.bak
[2013/12/31 09:03:58 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/31 09:03:57 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\irda.sys.bak
[2013/12/31 09:03:54 | 010,628,640 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys.bak
[2013/12/31 09:03:53 | 000,537,624 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys.bak
[2013/12/31 09:03:52 | 000,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\windows\SysNative\drivers\HpSAMD.sys.bak
[2013/12/31 09:03:52 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys.bak
[2013/12/31 09:03:52 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys.bak
[2013/12/31 09:03:51 | 000,288,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2013/12/31 09:03:51 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/31 09:03:51 | 000,023,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys.bak
[2013/12/31 09:03:49 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys.bak
[2013/12/31 09:03:48 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys.bak
[2013/12/31 09:03:47 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys.bak
[2013/12/31 09:03:47 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxg.sys.bak
[2013/12/31 09:03:47 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys.bak
[2013/12/31 09:03:47 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpata.sys.bak
[2013/12/31 09:03:47 | 000,027,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys.bak
[2013/12/31 09:03:47 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxapi.sys.bak
[2013/12/31 09:03:46 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys.bak
[2013/12/31 09:03:45 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys.bak
[2013/12/31 09:03:45 | 000,178,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys.bak
[2013/12/31 09:03:43 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\b57nd60a.sys.bak
[2013/12/31 09:03:43 | 000,155,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys.bak
[2013/12/31 09:03:43 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys.bak
[2013/12/31 09:03:42 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/31 09:03:42 | 000,106,576 | ---- | M] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys.bak
[2013/12/31 09:03:42 | 000,028,752 | ---- | M] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys.bak
[2013/12/31 09:03:40 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
[2013/12/31 09:01:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/31 09:01:10 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/27 10:01:32 | 000,984,576 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\MicrosoftFixit50906.msi
[2013/12/27 09:47:56 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/27 07:19:48 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/24 11:30:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\thanhnguyen\Desktop\aswMBR.exe
[2013/12/18 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
[2013/12/18 09:32:22 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/18 09:30:15 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/18 09:30:06 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/18 09:30:06 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/18 09:30:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/18 09:26:24 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/17 12:27:31 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 08:57:19 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/17 07:09:54 | 000,001,412 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:05 | 000,778,150 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/16 08:12:05 | 000,659,580 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/16 08:12:05 | 000,120,508 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/15 06:38:38 | 000,001,363 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Player.lnk
[2013/12/15 06:38:38 | 000,001,182 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Studio 2013.lnk
[2013/12/13 15:10:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/13 15:10:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 15:10:20 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 15:17:51 | 000,771,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
========== Files Created - No Company Name ==========
[2013/12/27 09:47:56 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/27 09:47:56 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/27 07:02:54 | 000,984,576 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\MicrosoftFixit50906.msi
[2013/12/18 09:31:15 | 000,343,552 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/17 11:35:09 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 07:09:54 | 000,001,412 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:41 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/05 15:17:49 | 000,771,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/12/05 13:46:59 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/09 21:43:30 | 000,000,646 | ---- | C] () -- C:\Users\thanhnguyen\Minesweeper.lnk
[2012/01/17 22:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/17 22:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/17 22:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/08/29 21:21:15 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/08/29 20:28:32 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/12/02 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\.purple
[2013/11/15 15:56:01 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\AVAST Software
[2011/12/23 14:32:17 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\Leadertech
[2011/12/02 21:47:28 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\OEM
[2012/04/02 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: FOO.TXT >
[2013/12/01 15:52:44 | 000,339,606 | ---- | M] () MD5=BC39C6A157942EEBE04F920B998CCCCA -- C:\temp\foo.txt
< End of report >
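The "Files Created" and "Files Modified" sections above share one line format: `[date | size | attributes | C or M] (Company) -- path`, where directory entries (`---D`) carry no `(Company)` field and files without version information show an empty `()`. The script below is an added example for triaging such a log; it is not part of OTL, nor code from the post above. It parses those entry lines and applies a few triage heuristics that are this example's own assumptions (the "user-writable" path fragments, the executable extensions, and the small dual-use tool list). All sample lines but the last are copied from the report above; the final `update.exe` line is constructed for the example and does not appear in the log.

```python
"""Parse OTL 'Files Created/Modified' entry lines and flag entries worth review.

Added example for triaging an OTL log excerpt; not part of OTL or of the post.
The flag rules are this example's own heuristics (assumptions), not OTL output.
"""
import re
from typing import Dict, List, Optional, Tuple

# One OTL file/directory entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions treated as user-mode executables (assumption of this example).
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl")
# Path fragments a standard user can normally write to (assumed triage rule).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Legitimate admin tools that also appear in lateral movement (assumed list).
DUAL_USE = {"psexesvc.exe"}


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one OTL entry line, or None for headers/other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],
        "is_dir": "D" in d["attrs"],
        "kind": "created" if d["kind"] == "C" else "modified",
        "company": d["company"] or "",  # directories and unversioned files -> ""
        "path": d["path"],
    }


def flags_for(entry: Dict[str, object]) -> List[str]:
    """Apply the example's triage heuristics to one parsed entry."""
    path = str(entry["path"]).lower()
    name = path.rsplit("\\", 1)[-1]
    is_exec = name.endswith(EXEC_EXT)
    in_user_dir = any(frag in path for frag in USER_WRITABLE)
    out: List[str] = []
    if entry["is_dir"]:
        return out
    if is_exec and not entry["company"]:
        out.append("executable without version-info company")
    if is_exec and in_user_dir:
        out.append("executable in user-writable location")
    if in_user_dir and any(c in str(entry["attrs"]) for c in "HS"):
        out.append("hidden/system file in user-writable location")
    if name in DUAL_USE:
        out.append("dual-use remote admin tool")
    if "\\drivers\\" in path and name.endswith((".sys", ".sys.bak")):
        out.append("kernel driver touched")
    return out


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, flag) pairs for every entry line in an OTL log excerpt."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, registry keys, MD5 lines, etc.
        for flag in flags_for(entry):
            hits.append((str(entry["path"]), flag))
    return hits


# Sample input: every entry line except the last is copied from the OTL
# report above; the final update.exe line is constructed for this example.
SAMPLE = r"""========== Files - Modified Within 30 Days ==========
[2013/12/31 09:04:00 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 09:01:10 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\RK_Quarantine
[2013/12/17 08:54:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/01/17 22:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2013/12/31 10:10:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 12:00:00 | 000,045,056 | -H-- | C] () -- C:\Users\thanhnguyen\AppData\Local\Temp\update.exe
"""

if __name__ == "__main__":
    for path, flag in triage(SAMPLE):
        print(f"{flag:45s} {path}")
```

The rules are deliberately narrow: a hidden or system attribute on its own is normal for files such as `hiberfil.sys`, so it only counts inside a user-writable path, and `.sys` files are reported through the driver rule rather than as executables. Feed the whole "Files Created/Modified" section through `triage()` and review the hits in order; an empty company field on a user-directory executable is the usual first lead.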