Hello,
I am infected with the babylon virus and maybe more.
I get a Wireless Configuration popup after restarting that says "Notification dll has not been registered, program will not work correctly". The system tray does not show the wireless connection or the ethernet connection. Also, clicking on network connection shows a blank page.
Here are test files of the OTL.txt (EXTRA.txt and adwCleaner.txt will be on 2 of 2 since files are too big to submit together :
OTL.txt
OTL logfile created on: 11/12/2012 2:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Dien Truong\Desktop\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 82.28% Memory free
4.80 Gb Paging File | 4.22 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 209.19 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
Computer Name: DTRUONG-LAPTOP | User Name: Dien Truong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/12 14:53:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dien Truong\Desktop\Download\OTL.com
PRC - [2012/11/06 08:25:41 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/23 19:27:57 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/17 10:36:53 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/09/17 10:36:52 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/07/11 08:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/09/14 20:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2011/09/14 20:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/02/20 18:36:00 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
PRC - [2009/01/08 11:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/02 20:49:28 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2008/08/20 05:42:34 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 05:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008/10/24 13:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/13 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
========== Services (SafeList) ==========
SRV - [2012/11/03 23:19:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 10:36:53 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/09/17 10:36:52 | 000,166,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/07/11 08:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/08 11:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/02 20:49:28 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2008/09/02 20:06:52 | 000,116,008 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2008/08/20 05:42:34 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/17 10:36:53 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/09/17 10:36:53 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/09/17 10:36:52 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/09/17 10:36:52 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/09/17 10:36:52 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/09/17 10:36:52 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/07/22 06:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 11:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/02/20 18:36:00 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/20 18:35:00 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 15:54:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/08 11:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/08 11:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/24 13:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/02 19:43:10 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFIPS2.sys -- (odFips2)
DRV - [2008/09/02 19:43:10 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFIPS.sys -- (odFips)
DRV - [2008/08/26 11:43:32 | 000,390,528 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2008/08/26 11:43:32 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{62DE0E27-4541-4078-B47C-7E08B6C6DABE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/12 14:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/23 19:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/29 05:30:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/29 05:30:52 | 000,000,000 | ---D | M]
[2012/10/29 05:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions
[2012/10/29 05:30:52 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
[2012/10/29 05:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl_v2 = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: InternetHelper1.5 = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\
CHR - Extension: Smiley Bar for Facebook = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008/04/13 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120917103712.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" File not found
O4 - HKLM..\Run: [AESTFltr] ODLG File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] DOWS\SYSTEM32\WLTRAY.EXE File not found
O4 - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4 - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
O4 - HKLM..\Run: [OdTray.exe] T\ODTRAY.EXE File not found
O4 - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4 - HKLM..\Run: [ShStatEXE] E File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347905104810 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7F2F06C-3DE3-44CE-A454-2E092A02D0FB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 15:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell - "" = AutoRun
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: EventSystem - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found
NetSvcs: helpsvc - File not found
NetSvcs: WmdmPmSN - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 2
========== Files/Folders - Created Within 30 Days ==========
[2012/11/12 13:33:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\Administrative Tools
[2012/11/12 13:33:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/11/12 10:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/12 08:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Malwarebytes
[2012/11/12 08:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/12 08:17:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/12 08:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/11 08:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\RealNetworks
[2012/11/06 22:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Media Player Lite
[2012/11/06 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\MediaPlayerLite
[2012/11/06 22:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerLite
[2012/11/04 20:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/11/04 00:01:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/11/04 00:01:31 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/10/29 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/10/29 05:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\StatusWinks
[2012/10/29 05:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla
[2012/10/29 05:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/29 05:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\Haali Media Splitter
[2012/10/29 05:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2012/10/29 05:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Babylon
[2012/10/29 05:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\ffdshow
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/10/22 08:39:02 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2008/08/20 05:39:32 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users\Application Data\NeoterisSetup.ocx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/12 14:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/12 14:32:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/11/12 14:32:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/12 14:32:27 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1343024091-1801674531-1003.job
[2012/11/12 14:32:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 13:11:43 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53D556AE-5E4D-453A-B96D-52D4735E00A6}.job
[2012/11/12 11:03:13 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/12 08:17:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 21:36:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1343024091-1801674531-1003.job
[2012/11/09 16:07:43 | 000,020,200 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\MAP Loading Dock.pdf
[2012/11/09 09:21:57 | 000,860,774 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Veeder Root TLS350.pdf
[2012/11/08 05:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/07 17:04:54 | 000,136,019 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Drawing Relocate Light Fixture.pdf
[2012/11/06 23:25:53 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/06 22:06:50 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\MediaPlayerLite.lnk
[2012/11/03 23:19:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/03 23:19:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/02 14:00:05 | 000,051,899 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\BSB140 New Receptacle.pdf
[2012/11/02 11:04:18 | 000,031,448 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Submeter Reading 11-1-2012.pdf
[2012/11/02 08:55:50 | 000,291,494 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Bubbletight Damper drwg.pdf
[2012/10/31 16:11:39 | 000,059,767 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\JABSOM Quality Improvement _ Fire Sprinkler Incident Report -162AA.pdf
[2012/10/31 13:31:59 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/29 20:11:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/10/29 20:11:31 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/10/28 20:13:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/26 16:35:33 | 000,197,175 | ---- | M] () -- C:\Documents and Settings\Dien Truong\My Documents\Basis of design.pdf
[2012/10/25 09:57:47 | 000,065,703 | ---- | M] () -- C:\Documents and Settings\Dien Truong\My Documents\CPI PO001.pdf
[2012/10/23 08:13:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/22 08:39:02 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/12 11:01:07 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/12 08:17:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:07:43 | 000,020,200 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\MAP Loading Dock.pdf
[2012/11/09 09:21:57 | 000,860,774 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Veeder Root TLS350.pdf
[2012/11/08 05:32:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/07 17:04:52 | 000,136,019 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Drawing Relocate Light Fixture.pdf
[2012/11/06 22:06:50 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\MediaPlayerLite.lnk
[2012/11/02 14:00:05 | 000,051,899 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\BSB140 New Receptacle.pdf
[2012/11/02 11:04:18 | 000,031,448 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Submeter Reading 11-1-2012.pdf
[2012/11/02 08:55:50 | 000,291,494 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Bubbletight Damper drwg.pdf
[2012/10/31 16:11:39 | 000,059,767 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\JABSOM Quality Improvement _ Fire Sprinkler Incident Report -162AA.pdf
[2012/10/31 13:32:19 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/29 20:11:31 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/10/29 20:11:31 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/10/28 20:13:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/28 20:13:07 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/26 16:35:32 | 000,197,175 | ---- | C] () -- C:\Documents and Settings\Dien Truong\My Documents\Basis of design.pdf
[2012/10/25 09:57:47 | 000,065,703 | ---- | C] () -- C:\Documents and Settings\Dien Truong\My Documents\CPI PO001.pdf
[2012/09/19 11:12:10 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Dien Truong\DataRefreshUI_5.2.0.5400.dll
[2012/09/17 13:45:21 | 000,009,842 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2012/09/17 12:07:05 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/09/17 12:07:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/09/17 12:07:03 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/09/17 08:14:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/17 07:52:08 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/09/17 07:52:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/09/17 07:52:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/09/16 16:42:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/09/16 16:00:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/16 15:55:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/11/04 00:01:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$6840a5f7fe6b3ce7f077dd10851581a7\L
[2012/11/04 00:01:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$6840a5f7fe6b3ce7f077dd10851581a7\U
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/28 11:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/02/09 02:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >
< %AppData%\Local\ >
< %systemroot%\system32\sysprep >
< *.xpi /md5 >
< %systemroot%\Downloaded Program Files\ >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/09/17 10:36:52 | 000,119,968 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2012/09/17 10:36:52 | 000,180,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2012/09/17 10:36:52 | 000,059,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2012/09/17 10:36:52 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2012/09/17 10:36:52 | 000,461,864 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2012/09/17 10:36:53 | 000,087,808 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2012/09/17 10:36:53 | 000,089,624 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
< %systemroot%\System32\config\*.sav >
[2008/01/02 06:18:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/01/02 06:18:37 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/01/02 06:18:37 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %SYSTEMDRIVE%\*.exe /md5 >
< "%WinDir%\$NtUninstallKB*$." /30 >
< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\Installer\ /s >
< %systemroot%\system32\Cache\ /s >
< %systemroot%\system32\config\systemprofile\ /s >
< %PROGRAMFILES%\*. >
[2012/09/18 11:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/09/17 11:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2012/09/23 19:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/09/16 15:55:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2012/09/18 19:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2012/09/17 07:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2012/11/12 10:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2012/11/12 11:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/10/29 05:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\Haali
[2012/09/17 17:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/09/17 12:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2012/09/17 12:03:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/09/17 13:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/09/22 06:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/17 22:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/09/17 11:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks
[2012/11/12 08:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/17 10:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2012/11/06 22:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\MediaPlayerLite
[2012/09/17 08:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/09/16 16:42:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2012/09/16 15:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/09/27 13:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/09/17 08:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/10/29 05:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/09/27 13:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2012/09/16 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2012/09/16 15:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2012/09/16 15:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2012/09/17 11:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\O2Micro
[2012/09/16 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/09/17 08:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2012/09/23 19:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2012/09/17 11:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2012/11/06 08:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2012/09/16 16:02:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/09/18 19:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/09/16 15:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2012/09/16 15:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/09/16 15:57:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2012/09/16 15:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/10/29 20:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< %appdata%\*.* >
[2008/01/02 06:19:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\desktop.ini
< MD5 for: AFD.SYS >
[2011/08/17 03:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 03:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/10/16 05:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/10/16 04:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011/08/17 03:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2008/04/13 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/13 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: DNSRSLVR.DLL >
[2008/04/13 13:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2009/04/20 07:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 07:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2009/04/20 07:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
< MD5 for: ES.DLL >
[2008/04/13 13:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/07/07 10:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 10:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 10:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: IPNATHLP.DLL >
[2008/04/13 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\dllcache\ipnathlp.dll
[2008/04/13 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll
< MD5 for: IPSEC.SYS >
[2008/04/13 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
< MD5 for: NETBT.SYS >
[2008/04/13 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
< MD5 for: NETMAN.DLL >
[2008/04/13 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\dllcache\netman.dll
[2008/04/13 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
< MD5 for: QMGR.DLL >
[2008/04/13 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/13 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: RPCSS.DLL >
[2008/04/13 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 02:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 02:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 00:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
< MD5 for: SERVICES.EXE >
[2009/02/06 01:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 01:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 01:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: SR.SYS >
[2008/04/13 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\dllcache\sr.sys
[2008/04/13 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
< MD5 for: SRSVC.DLL >
[2008/04/13 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/13 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/13 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: TCPIP.SYS >
[2008/04/13 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008/06/20 01:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 01:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 01:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008/04/13 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WMISVC.DLL >
[2008/04/13 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\dllcache\wmisvc.dll
[2008/04/13 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
< MD5 for: WSCSVC.DLL >
[2008/04/13 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\dllcache\wscsvc.dll
[2008/04/13 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll
< MD5 for: WUAUSERV.DLL >
[2008/04/13 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2008/04/13 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll
< >
< >
< End of report >
Thank you for your assistance.
Dien
I am infected with the babylon virus and maybe more.
I get a Wireless Configuration popup after restarting that says "Notification dll has not been registered, program will not work correctly". The system tray does not show the wireless connection or the ethernet connection. Also, clicking on network connection shows a blank page.
Here are test files of the OTL.txt (EXTRA.txt and adwCleaner.txt will be on 2 of 2 since files are too big to submit together :
OTL.txt
OTL logfile created on: 11/12/2012 2:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Dien Truong\Desktop\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 82.28% Memory free
4.80 Gb Paging File | 4.22 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 209.19 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
Computer Name: DTRUONG-LAPTOP | User Name: Dien Truong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/12 14:53:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dien Truong\Desktop\Download\OTL.com
PRC - [2012/11/06 08:25:41 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/23 19:27:57 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/17 10:36:53 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/09/17 10:36:52 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/07/11 08:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/09/14 20:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2011/09/14 20:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/02/20 18:36:00 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
PRC - [2009/01/08 11:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/02 20:49:28 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2008/08/20 05:42:34 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 05:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008/10/24 13:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/13 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
========== Services (SafeList) ==========
SRV - [2012/11/03 23:19:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 10:36:53 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/09/17 10:36:52 | 000,166,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/07/11 08:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/08 11:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/02 20:49:28 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2008/09/02 20:06:52 | 000,116,008 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2008/08/20 05:42:34 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/17 10:36:53 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/09/17 10:36:53 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/09/17 10:36:52 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/09/17 10:36:52 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/09/17 10:36:52 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/09/17 10:36:52 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/07/22 06:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 11:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/02/20 18:36:00 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/20 18:35:00 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 15:54:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/08 11:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/08 11:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/24 13:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/02 19:43:10 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFIPS2.sys -- (odFips2)
DRV - [2008/09/02 19:43:10 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFIPS.sys -- (odFips)
DRV - [2008/08/26 11:43:32 | 000,390,528 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2008/08/26 11:43:32 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{62DE0E27-4541-4078-B47C-7E08B6C6DABE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/12 14:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/23 19:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/29 05:30:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/29 05:30:52 | 000,000,000 | ---D | M]
[2012/10/29 05:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions
[2012/10/29 05:30:52 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
[2012/10/29 05:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl_v2 = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: InternetHelper1.5 = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\
CHR - Extension: Smiley Bar for Facebook = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008/04/13 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120917103712.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" File not found
O4 - HKLM..\Run: [AESTFltr] ODLG File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] DOWS\SYSTEM32\WLTRAY.EXE File not found
O4 - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4 - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
O4 - HKLM..\Run: [OdTray.exe] T\ODTRAY.EXE File not found
O4 - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4 - HKLM..\Run: [ShStatEXE] E File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347905104810 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7F2F06C-3DE3-44CE-A454-2E092A02D0FB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dien Truong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 15:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell - "" = AutoRun
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: EventSystem - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found
NetSvcs: helpsvc - File not found
NetSvcs: WmdmPmSN - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 2
========== Files/Folders - Created Within 30 Days ==========
[2012/11/12 13:33:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\Administrative Tools
[2012/11/12 13:33:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/11/12 10:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/12 08:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Malwarebytes
[2012/11/12 08:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/12 08:17:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/12 08:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/11 08:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\RealNetworks
[2012/11/06 22:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Media Player Lite
[2012/11/06 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\MediaPlayerLite
[2012/11/06 22:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerLite
[2012/11/04 20:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/11/04 00:01:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/11/04 00:01:31 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/10/29 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/10/29 05:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\StatusWinks
[2012/10/29 05:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Mozilla
[2012/10/29 05:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/29 05:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\Haali Media Splitter
[2012/10/29 05:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2012/10/29 05:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Application Data\Babylon
[2012/10/29 05:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong\Start Menu\Programs\ffdshow
[2012/10/29 05:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/10/22 08:39:02 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2008/08/20 05:39:32 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users\Application Data\NeoterisSetup.ocx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/12 14:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/12 14:32:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/11/12 14:32:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/12 14:32:27 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1343024091-1801674531-1003.job
[2012/11/12 14:32:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 13:11:43 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53D556AE-5E4D-453A-B96D-52D4735E00A6}.job
[2012/11/12 11:03:13 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/12 08:17:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 21:36:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1343024091-1801674531-1003.job
[2012/11/09 16:07:43 | 000,020,200 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\MAP Loading Dock.pdf
[2012/11/09 09:21:57 | 000,860,774 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Veeder Root TLS350.pdf
[2012/11/08 05:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/07 17:04:54 | 000,136,019 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Drawing Relocate Light Fixture.pdf
[2012/11/06 23:25:53 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/06 22:06:50 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\MediaPlayerLite.lnk
[2012/11/03 23:19:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/03 23:19:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/02 14:00:05 | 000,051,899 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\BSB140 New Receptacle.pdf
[2012/11/02 11:04:18 | 000,031,448 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Submeter Reading 11-1-2012.pdf
[2012/11/02 08:55:50 | 000,291,494 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\Bubbletight Damper drwg.pdf
[2012/10/31 16:11:39 | 000,059,767 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Desktop\JABSOM Quality Improvement _ Fire Sprinkler Incident Report -162AA.pdf
[2012/10/31 13:31:59 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/29 20:11:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/10/29 20:11:31 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/10/28 20:13:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/26 16:35:33 | 000,197,175 | ---- | M] () -- C:\Documents and Settings\Dien Truong\My Documents\Basis of design.pdf
[2012/10/25 09:57:47 | 000,065,703 | ---- | M] () -- C:\Documents and Settings\Dien Truong\My Documents\CPI PO001.pdf
[2012/10/23 08:13:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/22 08:39:02 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/12 11:01:07 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/12 08:17:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:07:43 | 000,020,200 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\MAP Loading Dock.pdf
[2012/11/09 09:21:57 | 000,860,774 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Veeder Root TLS350.pdf
[2012/11/08 05:32:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/07 17:04:52 | 000,136,019 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Drawing Relocate Light Fixture.pdf
[2012/11/06 22:06:50 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\MediaPlayerLite.lnk
[2012/11/02 14:00:05 | 000,051,899 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\BSB140 New Receptacle.pdf
[2012/11/02 11:04:18 | 000,031,448 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Submeter Reading 11-1-2012.pdf
[2012/11/02 08:55:50 | 000,291,494 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\Bubbletight Damper drwg.pdf
[2012/10/31 16:11:39 | 000,059,767 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Desktop\JABSOM Quality Improvement _ Fire Sprinkler Incident Report -162AA.pdf
[2012/10/31 13:32:19 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/29 20:11:31 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/10/29 20:11:31 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/10/28 20:13:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/28 20:13:07 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dien Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/26 16:35:32 | 000,197,175 | ---- | C] () -- C:\Documents and Settings\Dien Truong\My Documents\Basis of design.pdf
[2012/10/25 09:57:47 | 000,065,703 | ---- | C] () -- C:\Documents and Settings\Dien Truong\My Documents\CPI PO001.pdf
[2012/09/19 11:12:10 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Dien Truong\DataRefreshUI_5.2.0.5400.dll
[2012/09/17 13:45:21 | 000,009,842 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2012/09/17 12:07:05 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/09/17 12:07:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/09/17 12:07:03 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/09/17 08:14:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/17 07:52:08 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/09/17 07:52:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/09/17 07:52:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/09/16 16:42:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/09/16 16:00:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/16 15:55:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/11/04 00:01:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$6840a5f7fe6b3ce7f077dd10851581a7\L
[2012/11/04 00:01:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$6840a5f7fe6b3ce7f077dd10851581a7\U
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/28 11:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/02/09 02:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >
< %AppData%\Local\ >
< %systemroot%\system32\sysprep >
< *.xpi /md5 >
< %systemroot%\Downloaded Program Files\ >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 02:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/09/17 10:36:52 | 000,119,968 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2012/09/17 10:36:52 | 000,180,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2012/09/17 10:36:52 | 000,059,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2012/09/17 10:36:52 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2012/09/17 10:36:52 | 000,461,864 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2012/09/17 10:36:53 | 000,087,808 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2012/09/17 10:36:53 | 000,089,624 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
< %systemroot%\System32\config\*.sav >
[2008/01/02 06:18:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/01/02 06:18:37 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/01/02 06:18:37 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %SYSTEMDRIVE%\*.exe /md5 >
< "%WinDir%\$NtUninstallKB*$." /30 >
< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\Installer\ /s >
< %systemroot%\system32\Cache\ /s >
< %systemroot%\system32\config\systemprofile\ /s >
< %PROGRAMFILES%\*. >
[2012/09/18 11:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/09/17 11:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2012/09/23 19:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/09/16 15:55:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2012/09/18 19:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2012/09/17 07:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2012/11/12 10:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2012/11/12 11:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/10/29 05:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\Haali
[2012/09/17 17:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/09/17 12:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2012/09/17 12:03:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/09/17 13:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/09/22 06:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/17 22:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/09/17 11:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks
[2012/11/12 08:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/17 10:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2012/11/06 22:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\MediaPlayerLite
[2012/09/17 08:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/09/16 16:42:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2012/09/16 15:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/09/27 13:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/09/17 08:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/10/29 05:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/09/27 13:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2012/09/16 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2012/09/16 15:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2012/09/16 15:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2012/09/17 11:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\O2Micro
[2012/09/16 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/09/17 08:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2012/09/23 19:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2012/09/17 11:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2012/11/06 08:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2012/09/16 16:02:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/09/18 19:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/09/16 15:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2012/09/16 15:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/09/16 15:57:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2012/09/16 15:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/10/29 20:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< %appdata%\*.* >
[2008/01/02 06:19:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Dien Truong\Application Data\desktop.ini
< MD5 for: AFD.SYS >
[2011/08/17 03:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 03:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/10/16 05:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/10/16 04:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011/08/17 03:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2008/04/13 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/13 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: DNSRSLVR.DLL >
[2008/04/13 13:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2009/04/20 07:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 07:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2009/04/20 07:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
< MD5 for: ES.DLL >
[2008/04/13 13:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/07/07 10:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 10:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 10:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: IPNATHLP.DLL >
[2008/04/13 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\dllcache\ipnathlp.dll
[2008/04/13 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll
< MD5 for: IPSEC.SYS >
[2008/04/13 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
< MD5 for: NETBT.SYS >
[2008/04/13 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
< MD5 for: NETMAN.DLL >
[2008/04/13 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\dllcache\netman.dll
[2008/04/13 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
< MD5 for: QMGR.DLL >
[2008/04/13 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/13 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: RPCSS.DLL >
[2008/04/13 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 02:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 02:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 00:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
< MD5 for: SERVICES.EXE >
[2009/02/06 01:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 01:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 01:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: SR.SYS >
[2008/04/13 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\dllcache\sr.sys
[2008/04/13 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
< MD5 for: SRSVC.DLL >
[2008/04/13 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/13 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/13 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: TCPIP.SYS >
[2008/04/13 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008/06/20 01:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 01:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 01:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008/04/13 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WMISVC.DLL >
[2008/04/13 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\dllcache\wmisvc.dll
[2008/04/13 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
< MD5 for: WSCSVC.DLL >
[2008/04/13 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\dllcache\wscsvc.dll
[2008/04/13 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll
< MD5 for: WUAUSERV.DLL >
[2008/04/13 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2008/04/13 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll
< >
< >
< End of report >
Thank you for your assistance.
Dien