Help with Virus/Malware


Post by Tokxia on Sun 12 Aug 2012, 10:01 am

Hi, recently my computer got infected with this nasty bug and I've tried everything in my power to get rid of it with no success. It sometimes slows down my computer. There are random pop-ups every five to ten minutes and random tabs opening up on my web browser. If you can, please help me out. Thank you.

P.S. Totally unrelated to the virus, but sometimes I get the line-1 error message. Any suggestions?


Extra

OTL Extras logfile created on: 8/11/2012 1:44:54 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hien\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.77% Memory free
5.94 Gb Paging File | 4.85 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.60 Gb Total Space | 89.43 Gb Free Space | 50.36% Space Free | Partition Type: NTFS

Computer Name: HIEN-PC | User Name: Hien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2378769042-2310627262-2564490496-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C572A8C-2520-417B-849A-CE91161C5530}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{45414D77-A88C-4C33-B608-840B0B2BB5F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{67518E51-398F-49CD-AE16-6C7C3F77C947}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{942BEAEB-FDC0-48A9-8062-90D21261B68B}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B7F53F33-EE95-4FA7-95B4-FC61DF98346A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00904587-B1BE-476B-AF13-9F5348928F27}" = protocol=17 | dir=in | app=c:\users\hien\desktop\youtubetomp3_setup.exe |
"{01C1E022-66B7-4FF6-BC76-F225243BEC7B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{25575214-3845-4BAA-964A-A65D7B360E22}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A9481CC-13EC-46CB-8C24-4907A5B2C780}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2DE68DED-BCE5-4153-9B23-B7F42140E709}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34DDF60A-DE5F-4C1F-BE6A-AF7472179871}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B87D728-B0A2-4388-96CD-BD9ED7694D94}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4F4A5DC7-0F0B-42BC-88D6-F9624D562B8E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5797CC21-FEBB-410A-9A9D-3BBCEED6A667}" = protocol=17 | dir=in | app=c:\users\hien\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5A8A5CEA-C0DE-4C13-BC5A-7B7C591EE017}" = protocol=17 | dir=in | app=c:\users\hien\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{683372C2-445B-498B-897C-E13D1B40C691}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{69FAE5C2-3360-4422-B019-1C42EFCF766A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{726FCED5-28DD-4717-820A-37D41307601E}" = protocol=6 | dir=in | app=c:\users\hien\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7603EF72-9B72-4F09-B141-3B3E8936174B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7D1739CE-6DF7-4EC4-91D5-7C847369102A}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{7F16B453-DB5A-47C0-B0BC-D85CD841CB0E}" = protocol=17 | dir=in | app=c:\users\hien\downloads\the_basic_practice_of_statistics_(5th_edition)_by_david_s._moore_downloader_363a.exe |
"{8395B25B-842C-4025-A01C-4654BF71A62D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{85AC30A9-E8E8-47C4-8DEA-68685737D1A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87FF2777-DE98-482A-9278-BFFF96139208}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{897E49F1-8E42-4F90-84F4-453846E6FA0E}" = protocol=17 | dir=in | app=c:\users\hien\appdata\roaming\dropbox\bin\dropbox.exe |
"{8AF597FE-1A87-4435-AF1F-B03DBBC079FA}" = protocol=6 | dir=in | app=c:\users\hien\desktop\youtubetomp3_setup.exe |
"{98024712-FBC5-4E16-B93A-B24EE6BEF6FC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9B6377A0-1553-4353-8438-A7FCC87B89DD}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{A1F617F7-09C5-4653-826C-2FC48284A423}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A777F94A-A6E9-4E37-BF6C-28E7E67D329B}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{AAD1C1E9-48C5-46C7-972A-BF86D9F5E2D7}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{ABBF09EB-664B-4882-8D2A-F9EB6B19F6B7}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{AD5962E1-2D20-4ACD-93CC-12896C73B5F0}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{C056B13A-EA10-4AF2-9277-BC623F995C8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C314B3B9-7839-40C9-977C-AED49E72F5C5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C6DA0574-CFAF-4015-81A2-B2FD2667500B}" = dir=in | app=c:\users\hien\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{CAB9CC1D-6DBF-4474-9F88-78E852726CAE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D027C77D-5B50-484E-935E-8BB3A65045E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1727F17-B272-41E9-829E-A33786360A9C}" = protocol=6 | dir=in | app=c:\users\hien\appdata\roaming\dropbox\bin\dropbox.exe |
"{D37D0304-8D3C-442C-BC4D-7C73D46B134D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{DB82206D-459A-4A85-9223-D09326FEAA23}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E424851C-07F6-45D2-B999-8B7CD21B7BFB}" = protocol=6 | dir=in | app=c:\users\hien\downloads\the_basic_practice_of_statistics_(5th_edition)_by_david_s._moore_downloader_363a.exe |
"{F361FDE1-9957-42C6-B37B-935B62BE8669}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F3BFD93A-B3A9-4101-AF30-A5F1AE4A8C09}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F91CBC89-110D-4C66-B2C4-C99E1E221D23}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F967F98F-26C8-47AC-9681-8B08AC51D395}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9961C00-4A3A-4DDB-8218-BC3668D3B67C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FF4907FA-0809-49FA-B499-EEA9E375806C}" = protocol=6 | dir=in | app=c:\users\hien\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{C613A847-34C1-4381-B6EB-FF82738A6B1F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{1572D0E1-C95A-448C-9281-D6934B715168}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2C5C0BAF-36E4-4FC1-A3DD-A381BA6A409B}" = LoggerPro3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{640BE6CD-9B4E-4FA4-98BC-E6975A30DC4F}" = ESET NOD32 Antivirus
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"AVG Secure Search" = AVG Security Toolbar
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CCleaner" = CCleaner (remove only)
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{2C5C0BAF-36E4-4FC1-A3DD-A381BA6A409B}" = Logger Pro 3.8
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NodEnabler" = NodEnabler 3.2.4
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROPLUSR" = Microsoft Office Professional Plus 2007
"SafeConnect" = SafeConnect
"Search Toolbar" = Search Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spartan Student V4.1.2" = Spartan Student V4.1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Extractor1.4.1" = The Extractor
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VASST Notepad" = VASST Notepad 1.1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2012 7:07:02 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5444

Error - 8/1/2012 7:07:02 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5444

Error - 8/1/2012 7:07:03 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/1/2012 7:07:03 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6521

Error - 8/1/2012 7:07:03 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6521

Error - 8/1/2012 7:07:04 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/1/2012 7:07:04 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7644

Error - 8/1/2012 7:07:04 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7644

Error - 8/1/2012 7:07:05 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/1/2012 7:07:05 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8689

Error - 8/1/2012 7:07:05 AM | Computer Name = Hien-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8689

[ Media Center Events ]
Error - 5/31/2010 10:00:27 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/31/2010 10:00:34 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 1:16:37 AM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 9:16:27 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping [You must be registered and logged in to see this link.] prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 10:56:49 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/2/2010 3:21:54 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/4/2010 4:12:00 AM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/1/2011 4:06:13 PM | Computer Name = Hien-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/9/2011 5:50:28 PM | Computer Name = Hien-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/19/2011 5:51:02 AM | Computer Name = Hien-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 6/22/2010 11:15:34 PM | Computer Name = Hien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1013
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:11:41 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/11/2012 4:13:07 PM | Computer Name = Hien-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/11/2012 4:14:37 PM | Computer Name = Hien-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.11 for the Network Card with network
address 0022FA63C672 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >





aswMBR





Security Check


Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner (remove only)
JavaFX 2.1.1
Java(TM) 6 Update 24
Java(TM) 7 Update 5
Java(TM) 6 Update 6
Adobe Flash Player 11.3.300.270
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````




Tokxia

Newbie Surfer

Posts : 28
Joined : 2011-09-03
Operating System : HP


Re: Help with Virus/Maleware

Post by Tokxia on Sun 12 Aug 2012, 10:02 am

OTL part 1/4


OTL logfile created on: 8/11/2012 1:44:54 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hien\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.77% Memory free
5.94 Gb Paging File | 4.85 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.60 Gb Total Space | 89.43 Gb Free Space | 50.36% Space Free | Partition Type: NTFS

Computer Name: HIEN-PC | User Name: Hien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/11 13:41:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hien\Desktop\OTL.com
PRC - [2012/07/12 01:38:26 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/12 01:38:20 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hien\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2010/12/07 15:17:44 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/11/04 18:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/06/17 10:51:24 | 000,292,632 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\Uninstall.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/30 20:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 20:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 16:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 19:23:43 | 000,021,504 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/12 01:38:28 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/12 01:38:20 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/10 23:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 23:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rvscc.dll -- (wudfpf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wg111nd5.dll -- (thinkpadmodemservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (SRVLOC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s24eventmonitor.dll -- (spmd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PDExchange.dll -- (snare)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (SE2Eobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\plugplay.dll -- (ScsiPort)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7rsxp.dll -- (rvscc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bwmservice.dll -- (rtl8139)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oraclesnmppeermasteragent.dll -- (purgeieservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvsmu.dll -- (orbpvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsvcip.dll -- (msfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rxmssync.dll -- (hpzius12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dhcp.dll -- (ESMCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccds.dll -- (bcserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Airgo.dll -- (bc_ngn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rp32service.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpuz132.dll -- (ami0nt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smcservice.dll -- (aksusb)
SRV - [2012/08/08 16:29:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/03 02:52:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 01:38:26 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/07 15:17:41 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Stopped] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/11/04 18:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/08/04 14:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/30 20:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 20:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 19:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\CTMSHD.dll -- (SNDO763)
SRV - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/03 07:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 13:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/04/10 21:45:22 | 000,066,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/03 11:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/18 09:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 23:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 23:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{2E693E70-20FB-4ACD-93EA-BF4721FBA9BB}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {996C8B56-2461-4AC6-99EA-493E3268205F}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{2E693E70-20FB-4ACD-93EA-BF4721FBA9BB}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 02:04:14&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{996C8B56-2461-4AC6-99EA-493E3268205F}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.7
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B59d239d3-f46f-43cd-a191-6676cb818186%7D&mid=0aa67551b1dd47d09793d15775403860-08446b76d2fd74931488b66acbfaaf0562f6e12f&ds=dw011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-06%2002%3A04%3A14&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=2.0: C:\Program Files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Hien\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hien\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Hien\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Hien\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hien\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hien\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/12 01:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/11 13:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/11 13:34:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/07 15:24:37 | 000,000,000 | ---D | M]

[2009/11/18 00:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hien\AppData\Roaming\Mozilla\Extensions
[2009/08/24 00:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hien\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/08/11 13:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions
[2010/06/30 01:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/18 15:10:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/17 22:54:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/14 01:03:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/08 03:51:31 | 000,000,000 | ---D | M] () -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/04/14 12:00:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\personas@christopher.beard
[2011/01/08 00:27:32 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\searchtoolbar@zugo.com
[2010/07/24 10:02:21 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\youtube2mp3@mondayx.de
[2010/06/30 01:26:45 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/03/22 20:53:02 | 000,001,490 | ---- | M] () -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\searchplugins\AIM Search.xml
[2010/03/22 19:23:47 | 000,002,275 | ---- | M] () -- C:\Users\Hien\AppData\Roaming\Mozilla\Firefox\Profiles\yng2obcu.default\searchplugins\aim-search.xml
[2012/08/11 13:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/11 13:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/07/12 01:38:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012/08/08 16:29:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/07/12 01:38:18 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/08 16:28:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 16:28:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hien\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hien\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hien\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hien\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Hien\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Hien\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Inquisit Web Edition (Enabled) = C:\Program Files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Hien\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hien\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Hien\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hien\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\Hien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hien\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C2EC58-8F36-470A-9509-12392CB9E69F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FE2E2E9-AB11-4485-9D54-96CF4D146B30}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hien\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hien\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35f71156-e5fd-11de-b522-001e33a4d193}\Shell\AutoRun\command - "" = E:\__DTMEDIA\DTMedia.exe
O33 - MountPoints2\{529239c0-4694-11de-a69a-001e33a4d193}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{529239c0-4694-11de-a69a-001e33a4d193}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{58514c42-78d2-11df-99ed-001e33a4d193}\Shell - "" = AutoRun
O33 - MountPoints2\{58514c42-78d2-11df-99ed-001e33a4d193}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5e75d330-45d8-11df-9981-001e33a4d193}\Shell - "" = AutoRun
O33 - MountPoints2\{5e75d330-45d8-11df-9981-001e33a4d193}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{89edb773-23f8-11de-b694-0022fa63c672}\Shell - "" = AutoRun
O33 - MountPoints2\{89edb773-23f8-11de-b694-0022fa63c672}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a50d3fd7-6e5b-11df-94df-001e33a4d193}\Shell\AutoRun\command - "" = E:\sources\sperr32.exe x64
O33 - MountPoints2\{a50d4004-6e5b-11df-94df-001e33a4d193}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{db5729e8-8e11-11de-abe8-001e33a4d193}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: 155732904 - hkey= - key= - C:\Program Files\Toshiba Registration\Registration.exe (DataLode, Inc.)
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: Camera Assistant Software - hkey= - key= - File not found
MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DNS7reminder - hkey= - key= - File not found
MsConfig - StartUpReg: HSON - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: wudfpf - %systemroot%\system32\rvscc.dll File not found
NetSvcs: rtl8139 - %systemroot%\system32\bwmservice.dll File not found
NetSvcs: ScsiPort - %systemroot%\system32\plugplay.dll File not found
NetSvcs: pctoolsfirewallplus - File not found
NetSvcs: atitool - %systemroot%\system32\rp32service.dll File not found
NetSvcs: ql2100 - File not found
NetSvcs: orbpvr - %systemroot%\system32\nvsmu.dll File not found
NetSvcs: Xponaut_WBD - File not found
NetSvcs: w300bus - File not found
NetSvcs: asp.net_2.0.50727 - File not found
NetSvcs: bc_ngn - %systemroot%\system32\Airgo.dll File not found
NetSvcs: rvscc - %systemroot%\system32\avg7rsxp.dll File not found
NetSvcs: purgeieservice - %systemroot%\system32\oraclesnmppeermasteragent.dll File not found
NetSvcs: IntelC51 - File not found
NetSvcs: SE2Cmgmt - File not found
NetSvcs: RMCAST - C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
NetSvcs: spmd - %systemroot%\system32\s24eventmonitor.dll File not found
NetSvcs: snare - %systemroot%\system32\PDExchange.dll File not found
NetSvcs: DVDVRRdr_xp - File not found
NetSvcs: nvidesm - File not found
NetSvcs: mediamaxxlservice - File not found
NetSvcs: fsssvc - File not found
NetSvcs: SNDO763 - C:\Windows\System32\CTMSHD.dll (Oak Technology Inc.)
NetSvcs: bcserver - %systemroot%\system32\wmccds.dll File not found
NetSvcs: pcidrv - File not found
NetSvcs: BUFADPT - File not found
NetSvcs: w800mgmt - File not found
NetSvcs: lxcccustomerconnect - File not found
NetSvcs: SRVLOC - %systemroot%\system32\USR1806V.dll File not found
NetSvcs: QPSched - File not found
NetSvcs: sdcplh - File not found
NetSvcs: NtMtlFax - File not found
NetSvcs: se45mdm - File not found
NetSvcs: aksusb - %systemroot%\system32\smcservice.dll File not found
NetSvcs: msfwsvc - %systemroot%\system32\nsvcip.dll File not found
NetSvcs: ds1 - File not found
NetSvcs: HssDrv - File not found
NetSvcs: raidmsvr - File not found
NetSvcs: ami0nt - %systemroot%\system32\cpuz132.dll File not found
NetSvcs: hpzius12 - %systemroot%\system32\rxmssync.dll File not found
NetSvcs: thinkpadmodemservice - %systemroot%\system32\wg111nd5.dll File not found
NetSvcs: aniwzcsdservice - File not found
NetSvcs: maya70docserver - File not found
NetSvcs: ESMCR - %systemroot%\system32\dhcp.dll File not found
NetSvcs: SE2Eobex - %systemroot%\system32\knobserv.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Last edited by Tokxia on Sun 12 Aug 2012, 10:31 am; edited 2 times in total

Tokxia

Newbie Surfer

Posts : 28
Joined : 2011-09-03
Operating System : HP


Re: Help with Virus/Maleware

Post by Tokxia on Sun 12 Aug 2012, 10:18 am

OTL part 2/4

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 13:41:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hien\Desktop\OTL.com
[2012/08/11 13:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/11 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/09 04:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 04:09:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/07 00:48:00 | 000,000,000 | ---D | C] -- C:\Users\Hien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/07 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Hien\AppData\Local\Apps
[2012/08/07 00:45:53 | 000,000,000 | ---D | C] -- C:\Users\Hien\AppData\Local\Deployment
[2012/08/07 00:43:10 | 000,000,000 | ---D | C] -- C:\Users\Hien\AppData\Local\Macromedia
[2012/08/06 01:46:05 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/05 21:08:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012/08/05 21:02:39 | 009,827,016 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/07/18 04:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/18 04:57:47 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/18 04:57:47 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/18 04:57:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/18 04:57:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/11 13:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 13:47:08 | 000,000,443 | ---- | M] () -- C:\Users\Hien\Desktop\Documents.lnk
[2012/08/11 13:43:18 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2378769042-2310627262-2564490496-1000UA.job
[2012/08/11 13:41:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hien\Desktop\OTL.com
[2012/08/11 13:34:19 | 000,000,841 | ---- | M] () -- C:\Users\Hien\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 13:34:18 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/11 13:18:28 | 000,619,858 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/11 13:18:28 | 000,109,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/11 13:11:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 13:11:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 13:11:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/08/11 13:11:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 17:03:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2378769042-2310627262-2564490496-1000UA.job
[2012/08/10 15:25:33 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2378769042-2310627262-2564490496-1000Core.job
[2012/08/10 15:17:34 | 000,002,048 | ---- | M] () -- C:\Users\Hien\Desktop\Google Chrome.lnk
[2012/08/10 15:17:34 | 000,002,010 | ---- | M] () -- C:\Users\Hien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/10 15:14:08 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2378769042-2310627262-2564490496-1000Core.job
[2012/08/09 04:09:55 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 02:04:32 | 000,395,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/05 21:03:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/05 21:03:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/05 21:02:43 | 009,827,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/07/26 01:17:22 | 000,000,482 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/07/18 04:56:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/18 04:56:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 13:47:08 | 000,000,443 | ---- | C] () -- C:\Users\Hien\Desktop\Documents.lnk
[2012/08/11 13:34:18 | 000,000,841 | ---- | C] () -- C:\Users\Hien\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 13:34:18 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/11 13:34:18 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 04:09:55 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 00:48:05 | 000,002,048 | ---- | C] () -- C:\Users\Hien\Desktop\Google Chrome.lnk
[2012/08/07 00:48:05 | 000,002,010 | ---- | C] () -- C:\Users\Hien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/03 01:26:12 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/01/21 08:00:52 | 000,000,000 | ---- | C] () -- C:\Users\Hien\AppData\Local\{518002A5-BBE1-4E6A-9726-6B7A91D375CE}
[2010/12/22 13:25:22 | 000,192,576 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/03 14:55:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/13 20:03:08 | 000,000,680 | ---- | C] () -- C:\Users\Hien\AppData\Local\d3d9caps.dat
[2010/08/23 03:52:37 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/04/08 17:18:54 | 000,002,314 | ---- | C] () -- C:\Users\Hien\AppData\Roaming\SAS7_000.DAT
[2009/04/07 23:16:20 | 000,074,752 | ---- | C] () -- C:\Users\Hien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\ShowIconsCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\HideIconsCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\ReinstallCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\shell\open\command\\: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/14 23:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/14 23:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/08 16:29:41 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/08 16:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\ShowIconsCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\HideIconsCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\InstallInfo\\ReinstallCommand: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.7XKFRMTEMLYJ6SI63OXVO4KIPI\shell\open\command\\: "C:\Users\Hien\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/05/14 20:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/14 23:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/14 23:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 08:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >
[2008/08/18 10:51:06 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/08/18 10:51:02 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/08/18 10:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/08/18 10:51:12 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/08/18 10:51:13 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/08/11 13:26:08 | 000,243,823 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/08/11 13:44:37 | 000,000,004 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/08/11 13:44:37 | 000,001,669 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Local State
[2012/08/11 13:25:08 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom_new
[2012/08/07 00:48:17 | 000,006,144 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/08/07 00:48:17 | 000,001,544 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/08/11 13:25:08 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new
[2012/08/11 13:25:08 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist_new
[2012/08/11 13:25:08 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Safe Browsing Download_new
[2012/08/07 01:40:28 | 000,000,055 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Service State
[2012/08/09 05:57:05 | 000,057,344 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/08/09 05:57:05 | 000,000,512 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2012/08/07 01:48:10 | 000,001,356 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/08/07 01:48:10 | 000,001,356 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/08/11 13:41:07 | 000,149,504 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/08/11 13:41:07 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/08/11 13:44:37 | 000,448,466 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/08/11 13:44:37 | 000,694,083 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/08/11 13:41:01 | 000,090,112 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/08/11 13:41:01 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/08/11 13:44:37 | 000,167,936 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\History
[2012/08/11 13:41:01 | 000,532,480 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-08
[2012/08/11 13:41:01 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-08-journal
[2012/08/11 13:44:37 | 000,072,683 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/08/11 13:44:37 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/08/09 08:28:40 | 000,714,360 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/08/09 08:28:40 | 000,193,669 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/08/11 13:21:56 | 000,012,288 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/08/11 13:21:56 | 000,008,736 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2012/08/11 13:20:14 | 000,000,008 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings
[2012/08/11 13:36:22 | 000,145,408 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/08/11 13:36:22 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/08/11 13:44:37 | 000,034,144 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/08/07 00:49:05 | 000,000,180 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\README
[2012/08/11 13:36:22 | 000,012,288 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/08/11 13:36:22 | 000,012,824 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2012/08/09 05:54:21 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Thumbnails
[2012/08/11 13:27:54 | 000,118,784 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/08/11 13:27:54 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/08/11 13:44:37 | 000,131,072 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/08/11 13:40:06 | 000,083,968 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/08/11 13:40:06 | 000,016,384 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/08/11 13:44:37 | 000,118,784 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/08/11 13:44:37 | 002,891,776 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/08/11 13:44:37 | 002,105,344 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/08/11 13:44:37 | 008,396,800 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3


Last edited by Tokxia on Sun 12 Aug 2012, 10:30 am; edited 2 times in total

Tokxia

Newbie Surfer

Posts : 28
Joined : 2011-09-03
Operating System : HP


Re: Help with Virus/Maleware

Post by Tokxia on Sun 12 Aug 2012, 10:24 am

OTL 3/4

[2012/08/09 06:27:33 | 000,031,567 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e3
[2012/08/09 06:27:47 | 002,329,829 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e4
[2012/08/11 13:20:37 | 000,033,102 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e5
[2012/08/11 13:20:40 | 000,018,451 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e6
[2012/08/11 13:20:40 | 000,029,137 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e7
[2012/08/11 13:21:08 | 000,134,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e8
[2012/08/11 13:21:09 | 000,213,268 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000e9
[2012/08/11 13:21:09 | 000,025,518 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ea
[2012/08/11 13:21:10 | 000,016,705 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000eb
[2012/08/11 13:21:10 | 000,029,158 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ec
[2012/08/11 13:21:10 | 000,029,027 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ed
[2012/08/11 13:21:10 | 000,022,173 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ee
[2012/08/11 13:21:11 | 000,022,515 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ef
[2012/08/11 13:21:11 | 000,020,662 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f0
[2012/08/11 13:21:11 | 000,019,559 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f1
[2012/08/11 13:21:11 | 000,022,189 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f2
[2012/08/11 13:21:11 | 000,020,110 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f3
[2012/08/11 13:21:12 | 000,023,573 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f4
[2012/08/11 13:21:12 | 000,021,590 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f5
[2012/08/11 13:21:12 | 000,027,984 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f6
[2012/08/11 13:21:13 | 000,019,931 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f7
[2012/08/11 13:21:15 | 000,023,312 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f8
[2012/08/11 13:21:29 | 000,032,184 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f9
[2012/08/11 13:21:29 | 000,023,554 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000fa
[2012/08/11 13:21:30 | 000,310,058 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000fb
[2012/08/11 13:21:30 | 000,075,345 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000fc
[2012/08/11 13:21:39 | 000,032,722 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000fd
[2012/08/11 13:21:42 | 000,052,938 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000fe
[2012/08/11 13:21:43 | 000,063,962 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ff
[2012/08/11 13:21:44 | 000,026,738 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000100
[2012/08/11 13:21:44 | 000,018,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000101
[2012/08/11 13:22:41 | 000,026,607 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000102
[2012/08/11 13:22:42 | 000,034,518 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000103
[2012/08/11 13:22:43 | 000,032,978 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000104
[2012/08/11 13:22:47 | 000,022,592 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000105
[2012/08/11 13:23:18 | 000,028,171 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000106
[2012/08/11 13:23:22 | 000,020,808 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000107
[2012/08/11 13:23:23 | 000,016,960 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000108
[2012/08/11 13:23:23 | 000,023,367 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000109
[2012/08/11 13:23:23 | 000,030,374 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010a
[2012/08/11 13:23:23 | 000,021,410 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010b
[2012/08/11 13:23:24 | 000,032,860 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010c
[2012/08/11 13:23:39 | 000,035,328 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010d
[2012/08/11 13:23:40 | 000,037,782 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010e
[2012/08/11 13:23:40 | 000,018,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00010f
[2012/08/11 13:23:42 | 000,520,033 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000110
[2012/08/11 13:24:56 | 000,019,206 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000111
[2012/08/11 13:24:56 | 000,050,388 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000112
[2012/08/11 13:25:26 | 000,034,925 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000113
[2012/08/11 13:25:26 | 000,024,149 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000114
[2012/08/11 13:25:55 | 000,157,555 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000116
[2012/08/11 13:25:57 | 000,027,009 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000119
[2012/08/11 13:25:58 | 000,036,583 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011a
[2012/08/11 13:25:58 | 000,020,284 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011b
[2012/08/11 13:25:58 | 000,023,401 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011c
[2012/08/11 13:25:59 | 000,095,640 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011d
[2012/08/11 13:25:59 | 000,017,865 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011e
[2012/08/11 13:26:00 | 000,024,966 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011f
[2012/08/11 13:26:01 | 000,506,807 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000120
[2012/08/11 13:26:02 | 000,031,107 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000121
[2012/08/11 13:26:02 | 000,028,136 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000122
[2012/08/11 13:26:32 | 000,026,607 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000123
[2012/08/11 13:26:32 | 000,026,299 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000124
[2012/08/11 13:26:48 | 000,018,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000125
[2012/08/11 13:26:48 | 000,035,165 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000126
[2012/08/11 13:26:48 | 000,098,938 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000127
[2012/08/11 13:26:48 | 000,059,242 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000128
[2012/08/11 13:26:48 | 000,018,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000129
[2012/08/11 13:27:05 | 000,030,825 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012a
[2012/08/11 13:27:24 | 000,019,675 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012b
[2012/08/11 13:27:24 | 000,017,841 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012c
[2012/08/11 13:27:25 | 000,017,999 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012d
[2012/08/11 13:28:29 | 000,019,749 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012f
[2012/08/11 13:28:31 | 000,026,452 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000130
[2012/08/11 13:28:31 | 000,052,898 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000131
[2012/08/11 13:28:49 | 000,025,735 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000132
[2012/08/11 13:28:50 | 000,020,071 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000133
[2012/08/11 13:28:52 | 000,040,670 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000134
[2012/08/11 13:28:55 | 000,018,161 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000135
[2012/08/11 13:28:55 | 000,040,739 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000136
[2012/08/11 13:28:55 | 000,019,378 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000137
[2012/08/11 13:28:55 | 000,019,605 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000138
[2012/08/11 13:28:56 | 000,019,605 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000139
[2012/08/11 13:28:56 | 000,019,721 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013a
[2012/08/11 13:28:56 | 000,019,721 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013b
[2012/08/11 13:28:56 | 000,019,378 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013c
[2012/08/11 13:28:57 | 000,108,242 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013d
[2012/08/11 13:28:59 | 000,031,650 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013e
[2012/08/11 13:28:59 | 000,027,282 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013f
[2012/08/11 13:28:59 | 000,043,555 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000140
[2012/08/11 13:29:00 | 000,119,871 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000141
[2012/08/11 13:29:22 | 000,025,448 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000142
[2012/08/11 13:29:22 | 000,039,947 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000143
[2012/08/11 13:29:22 | 000,020,191 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000144
[2012/08/11 13:29:25 | 000,019,523 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000145
[2012/08/11 13:29:31 | 000,033,220 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000146
[2012/08/11 13:29:31 | 000,019,738 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000147
[2012/08/11 13:29:33 | 000,029,789 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000148
[2012/08/11 13:29:34 | 000,046,960 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000149
[2012/08/11 13:29:37 | 000,050,879 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014a
[2012/08/11 13:29:37 | 000,018,374 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014b
[2012/08/11 13:29:38 | 000,045,348 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014c
[2012/08/11 13:29:38 | 000,060,461 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014d
[2012/08/11 13:29:38 | 000,017,012 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014e
[2012/08/11 13:29:39 | 000,017,079 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014f
[2012/08/11 13:30:05 | 000,059,574 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000150
[2012/08/11 13:30:46 | 000,093,868 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000151
[2012/08/11 13:31:00 | 000,030,590 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000152
[2012/08/11 13:31:01 | 000,034,697 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000153
[2012/08/11 13:31:05 | 000,149,223 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000154
[2012/08/11 13:31:06 | 000,017,334 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000155
[2012/08/11 13:31:19 | 000,022,574 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000156
[2012/08/11 13:31:26 | 000,020,408 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000157
[2012/08/11 13:31:35 | 000,017,669 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000158
[2012/08/11 13:31:36 | 000,020,489 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000159
[2012/08/11 13:31:39 | 000,024,966 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015a
[2012/08/11 13:31:41 | 000,033,385 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015b
[2012/08/11 13:32:02 | 000,025,896 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015c
[2012/08/11 13:32:04 | 000,026,607 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015d
[2012/08/11 13:32:04 | 000,026,607 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015e
[2012/08/11 13:32:10 | 000,018,397 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00015f
[2012/08/11 13:32:57 | 000,034,518 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000160
[2012/08/11 13:32:58 | 000,024,407 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000161
[2012/08/11 13:33:24 | 000,034,518 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000162
[2012/08/11 13:33:41 | 000,032,978 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000163
[2012/08/11 13:33:41 | 000,032,978 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000164
[2012/08/11 13:34:47 | 000,017,823 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000165
[2012/08/11 13:34:47 | 000,025,657 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000166
[2012/08/11 13:34:50 | 000,042,527 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000167
[2012/08/11 13:35:23 | 000,028,516 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000168
[2012/08/11 13:35:23 | 000,017,079 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000169
[2012/08/11 13:35:33 | 000,021,118 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016a
[2012/08/11 13:36:23 | 000,053,728 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016b
[2012/08/11 13:36:27 | 000,016,506 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016c
[2012/08/11 13:36:29 | 000,016,706 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016d
[2012/08/11 13:36:31 | 000,018,440 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016e
[2012/08/11 13:36:32 | 000,063,028 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00016f
[2012/08/11 13:36:33 | 000,017,156 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000170
[2012/08/11 13:36:34 | 000,028,001 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000171
[2012/08/11 13:36:34 | 000,029,848 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000172
[2012/08/11 13:36:34 | 000,043,626 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000173
[2012/08/11 13:36:35 | 000,030,097 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000174
[2012/08/11 13:36:36 | 000,078,558 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000175
[2012/08/11 13:36:38 | 000,128,214 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000176
[2012/08/11 13:36:40 | 000,050,692 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000177
[2012/08/11 13:36:43 | 000,032,877 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000178
[2012/08/11 13:36:43 | 000,019,514 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000179
[2012/08/11 13:37:08 | 000,050,829 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017a
[2012/08/11 13:37:09 | 000,050,493 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017b
[2012/08/11 13:37:14 | 000,049,450 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017c
[2012/08/11 13:37:16 | 000,050,860 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017d
[2012/08/11 13:37:23 | 000,037,439 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017e
[2012/08/11 13:37:27 | 000,028,660 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017f
[2012/08/11 13:37:28 | 000,028,639 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000180
[2012/08/11 13:37:29 | 000,017,629 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000181
[2012/08/11 13:37:30 | 000,020,572 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000182
[2012/08/11 13:39:01 | 000,029,155 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000183
[2012/08/11 13:40:19 | 000,029,848 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000184
[2012/08/11 13:40:22 | 000,030,446 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000185
[2012/08/11 13:40:34 | 000,075,367 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000186
[2012/08/09 05:57:08 | 000,524,656 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Cache\index

Tokxia

Newbie Surfer

Posts : 28
Joined : 2011-09-03
Operating System : HP


Re: Help with Virus/Malware

Post by Tokxia on Sun 12 Aug 2012, 10:28 am

OTL part 4/4



M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_disqus.com_0.localstorage
[2012/08/11 13:21:41 | 000,003,608 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_disqus.com_0.localstorage-journal
[2012/08/09 06:21:15 | 000,003,072 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nbcolympics.com_0.localstorage
[2012/08/09 06:21:15 | 000,003,608 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nbcolympics.com_0.localstorage-journal
[2012/08/09 06:27:09 | 000,003,072 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/08/09 06:27:09 | 000,003,608 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal
[2012/08/09 06:27:44 | 000,000,275 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\LURBLHU6\s.ytimg.com\videostats.sol
[2012/08/09 06:14:45 | 000,000,044 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\LURBLHU6\[You must be registered and logged in to see this link.]
[2012/08/11 13:21:30 | 000,000,487 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\settings.sol
[2012/08/11 13:21:30 | 000,000,090 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cdnbakmi.kaltura.com\settings.sol
[2012/08/07 01:49:02 | 000,000,081 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
[2012/08/07 01:48:36 | 000,000,081 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s0.2mdn.net\settings.sol
[2012/08/09 06:14:45 | 000,000,089 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
[2012/08/07 00:48:12 | 000,000,000 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/08/07 00:54:20 | 000,100,864 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
[2012/08/07 00:54:20 | 004,051,456 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
[2012/08/07 00:54:20 | 000,000,202 | ---- | M] () -- C:\Users\Hien\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\manifest.json

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/08/16 00:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/01/30 04:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/13 21:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2012/07/12 01:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\AVG Secure Search
[2012/01/30 04:15:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/07/14 18:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/08/08 00:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/06/24 22:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dropbox
[2009/09/12 20:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/03 14:04:25 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2012/08/09 03:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/04/09 23:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/04/09 23:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/07/31 21:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\iDump (Freeware)
[2010/01/15 02:13:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/03 19:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/08/06 01:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/08/18 11:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/09/11 23:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2012/04/13 21:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/04/13 21:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/07/18 04:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/11/04 19:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Lame For Audacity
[2009/03/03 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2012/08/09 04:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/08/01 01:38:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/08/06 02:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/03/03 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/04/07 22:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/06/16 02:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/11/28 05:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/03/09 17:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Millisecond Software
[2010/12/10 16:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/08/11 13:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/08/11 13:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/04/07 22:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/18 11:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/12/06 10:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\ooVoo
[2012/07/18 04:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2011/08/03 22:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/09/15 17:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2012/04/13 03:03:13 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/03/03 19:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/03/02 14:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2010/12/09 15:39:02 | 000,000,000 | ---D | M] -- C:\Program Files\SafeConnect
[2011/01/08 00:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2009/04/12 12:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/03/03 19:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/04/04 23:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\The Extractor
[2009/04/07 22:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2008/08/18 10:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2008/08/18 11:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2008/08/18 11:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/01 20:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\VASST
[2010/01/15 02:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Vernier Software
[2010/03/22 21:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/04/12 12:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2010/01/15 03:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Wavefunction
[2009/08/13 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/08/13 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/08/13 20:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/08/06 01:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/08/06 01:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2008/08/18 11:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/12/10 16:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/13 20:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 04:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/08/13 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/05 19:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/06/27 22:26:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2011/03/02 14:41:15 | 000,001,147 | ---- | M] () -- C:\Users\Hien\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/10/12 13:54:01 | 000,002,314 | ---- | M] () -- C:\Users\Hien\AppData\Roaming\SAS7_000.DAT

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB47354$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\$NtUninstallKB47354$\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\$NtUninstallKB47354$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:333D43C5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


Re: Help with Virus/Maleware

Post by Superdave on Tue 14 Aug 2012, 9:24 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post in your next reply
**************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Help with Virus/Maleware

Post by Tokxia on Wed 15 Aug 2012, 5:03 pm

Hi Dave, thanks for helping out. Here it is.

I accidentally ran CCleaner after I did the scan with SUPERAntiSpyware and it deleted the log.

aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 21:52:20
-----------------------------
21:52:20.089 OS Version: Windows 6.0.6002 Service Pack 2
21:52:20.089 Number of processors: 2 586 0x170A
21:52:20.092 ComputerName: HIEN-PC UserName: Hien
21:53:22.051 Initialize success
21:57:10.826 AVAST engine defs: 12081301
21:57:15.402 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:57:15.417 Disk 0 Vendor: FUJITSU_ 0040 Size: 190782MB BusType: 3
21:57:15.449 Disk 0 MBR read successfully
21:57:15.449 Disk 0 MBR scan
21:57:15.449 Disk 0 Windows VISTA default MBR code
21:57:15.480 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:57:15.495 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 181862 MB offset 3074048
21:57:15.527 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7419 MB offset 375527424
21:57:15.542 Disk 0 scanning sectors +390721536
21:57:15.698 Disk 0 scanning C:\Windows\system32\drivers
21:57:29.022 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
21:57:34.049 Disk 0 trace - called modules:
21:57:34.065 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8f6cafd0]<<
21:57:34.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8610dac8]
21:57:34.080 3 CLASSPNP.SYS[89d0a8b3] -> nt!IofCallDriver -> [0x8f66d518]
21:57:34.096 \Driver\00000939[0x8eabf4d0] -> IRP_MJ_CREATE -> 0x8f6cafd0
21:57:35.672 AVAST engine scan C:\Windows
21:57:40.024 AVAST engine scan C:\Windows\system32
21:57:42.186 File: C:\Windows\system32\AEAudioService.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:57:43.544 File: C:\Windows\system32\atfsd.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:57:46.224 File: C:\Windows\system32\bantext.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:57:55.548 File: C:\Windows\system32\CTMSHD.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:57:55.598 File: C:\Windows\system32\cygserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:02.407 File: C:\Windows\system32\disk.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:08.403 File: C:\Windows\system32\eskerlicensecontrol.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:13.240 File: C:\Windows\system32\genregistrar.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:14.095 File: C:\Windows\system32\gv3.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:15.565 File: C:\Windows\system32\hpzid412.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:27.943 File: C:\Windows\system32\IPFilter.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:30.633 File: C:\Windows\system32\ISODrive.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:58.793 File: C:\Windows\system32\mssmbios.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:59.183 File: C:\Windows\system32\mssql$soshome22.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:33.626 File: C:\Windows\system32\pav_service.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:35.977 File: C:\Windows\system32\Pnp680r.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:38.438 File: C:\Windows\system32\proxyserverservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:40.886 File: C:\Windows\system32\QWAVEDRV.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:41.274 File: C:\Windows\system32\rapapp.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:45.722 File: C:\Windows\system32\RTL8169.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:46.794 File: C:\Windows\system32\scan.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:58.152 File: C:\Windows\system32\SRTSPL.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:58.579 File: C:\Windows\system32\stcagent.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:59:58.839 File: C:\Windows\system32\StMp3Rec.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:00:06.584 File: C:\Windows\system32\tosrfnds.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:00:14.461 File: C:\Windows\system32\V0070VID.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:02:26.360 AVAST engine scan C:\Windows\system32\drivers
22:02:42.201 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
22:02:49.967 AVAST engine scan C:\Users\Hien
22:13:30.695 AVAST engine scan C:\ProgramData
22:17:08.251 Scan finished successfully
22:17:21.484 Disk 0 MBR has been saved successfully to "C:\Users\Hien\Desktop\MBR.dat"
22:17:21.499 The log file has been saved successfully to "C:\Users\Hien\Desktop\aswMBR.txt"


mbam

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

Database version: v2012.08.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Hien :: HIEN-PC [administrator]

Protection: Enabled

8/14/2012 3:33:13 AM
mbam-log-2012-08-14 (08-02-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371610
Time elapsed: 1 hour(s), 24 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 26
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\AEAudioService.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\atfsd.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\bantext.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\cygserver.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\disk.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\eskerlicensecontrol.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\genregistrar.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\gv3.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\IPFilter.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\ISODrive.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\mssmbios.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\mssql$soshome22.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\pav_service.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\Pnp680r.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\proxyserverservice.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\QWAVEDRV.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\rapapp.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\scan.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\SRTSPL.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\stcagent.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\StMp3Rec.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\tosrfnds.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\V0070VID.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\RTL8169.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\hpzid412.dll (RootKit.0Access.H) -> No action taken.

(end)


Malwarebytes Anti-Malware (PRO) 1.62.0.1300

Database version: v2012.08.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Hien :: HIEN-PC [administrator]

Protection: Enabled

8/14/2012 3:33:13 AM
mbam-log-2012-08-14 (03-33-13).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371610
Time elapsed: 1 hour(s), 24 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 26
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> Delete on reboot.
C:\Windows\System32\AEAudioService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\atfsd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\bantext.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\cygserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\disk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\eskerlicensecontrol.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\genregistrar.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\gv3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\IPFilter.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ISODrive.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mssmbios.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mssql$soshome22.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pav_service.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\Pnp680r.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\proxyserverservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\QWAVEDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rapapp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\scan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\SRTSPL.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\stcagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\StMp3Rec.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tosrfnds.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\V0070VID.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\RTL8169.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\hpzid412.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)



Superantispyware


SUPERAntiSpyware Scan Log

Generated 08/14/2012 at 08:51 PM

Application Version : 5.5.1012

Core Rules Database Version : 9052
Trace Rules Database Version: 6864

Scan type : Complete Scan
Total Scan Time : 12:28:19

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 680
Memory threats detected : 0
Registry items scanned : 36236
Registry threats detected : 0
File items scanned : 47790
File threats detected : 10

Adware.Tracking Cookie
cdn2.baronsmedia.com [ C:\WINDOWS\$NTUNINSTALLKB47354$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
core.insightexpressai.com [ C:\WINDOWS\$NTUNINSTALLKB47354$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
media.mtvu.com [ C:\WINDOWS\$NTUNINSTALLKB47354$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
objects.tremormedia.com [ C:\WINDOWS\$NTUNINSTALLKB47354$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
tag.2bluemedia.hiro.tv [ C:\WINDOWS\$NTUNINSTALLKB47354$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
cdn2.baronsmedia.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
core.insightexpressai.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
media.mtvu.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
objects.tremormedia.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]
tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JLANVX6W ]


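An added example, not part of the thread and not code from either tool: a short Python script that cross-references the aswMBR and Malwarebytes logs posted above, listing which aswMBR detections have no matching Malwarebytes entry and which Malwarebytes removals are still pending a reboot. The log excerpts are abridged from this thread; the function names and regular expressions are assumptions based only on the line formats visible in those logs.

```python
"""Cross-reference aswMBR and Malwarebytes (MBAM) scan logs for triage."""
import ntpath
import re

# Abridged excerpts of the two logs posted in this thread.
ASWMBR_LOG = r"""
21:57:29.022 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
21:57:34.049 Disk 0 trace - called modules:
21:57:42.186 File: C:\Windows\system32\AEAudioService.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:57:55.548 File: C:\Windows\system32\CTMSHD.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:58:59.183 File: C:\Windows\system32\mssql$soshome22.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:02:42.201 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
"""

MBAM_LOG = r"""
Memory Modules Detected: 1
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> Delete on reboot.

Files Detected: 26
C:\Windows\System32\CTMSHD.dll (RootKit.0Access.H) -> Delete on reboot.
C:\Windows\System32\AEAudioService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mssql$soshome22.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
"""

# Assumed line shapes, inferred from the logs above.
ASW_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*"
    r"\s+(?P<name>\S+)\s+\[(?P<kind>\w+)\]\s*$"
)
MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\((?P<name>[^()]+)\)\s+->\s+(?P<action>.+?)\.?\s*$"
)


def parse_aswmbr(text):
    """Map case-normalised path -> (detection name, tag) for INFECTED lines."""
    hits = {}
    for line in text.splitlines():
        m = ASW_RE.match(line.strip())
        if m:
            # The two tools spell the directory differently (system32 vs
            # System32), so compare on a lower-cased Windows path.
            hits[ntpath.normcase(m["path"])] = (m["name"], m["kind"])
    return hits


def parse_mbam(text):
    """Map case-normalised path -> (detection name, action taken)."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits[ntpath.normcase(m["path"])] = (m["name"], m["action"])
    return hits


def triage(aswmbr_text, mbam_text):
    """Group detections by what still needs attention after the MBAM run."""
    asw, mbam = parse_aswmbr(aswmbr_text), parse_mbam(mbam_text)
    removed, pending, no_action = [], [], []
    for path, (_, action) in mbam.items():
        lowered = action.lower()
        if "deleted successfully" in lowered:
            removed.append(path)
        elif "reboot" in lowered:
            pending.append(path)
        else:
            no_action.append(path)
    return {
        # Flagged by aswMBR but absent from the MBAM log entirely.
        "unremediated": sorted(p for p in asw if p not in mbam),
        "pending_reboot": sorted(pending),
        "no_action": sorted(no_action),
        "removed": sorted(removed),
        # Entries carrying the [Rtk] tag as printed in the aswMBR log.
        "rtk_tagged": sorted(p for p, (_, kind) in asw.items() if kind == "Rtk"),
    }


if __name__ == "__main__":
    for bucket, paths in triage(ASWMBR_LOG, MBAM_LOG).items():
        print(f"{bucket}: {paths}")
```
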

Re: Help with Virus/Maleware

Post by Superdave on Thu 16 Aug 2012, 9:16 am


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
****************************************************
I'm required to give you this warning.

It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware, that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do
It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?

how-to-reformat-and-reinstall-your-operating-system-the-easy-way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Re: Help with Virus/Maleware

Post by Tokxia on Thu 16 Aug 2012, 1:18 pm

I want to reformat my computer, how can I do it?


Re: Help with Virus/Maleware

Post by Superdave on Fri 17 Aug 2012, 11:19 am

To wipe the drive clean, re-format and reinstall the OS.

