department of justice virus

Post by DIENT42 on Sun May 05, 2013 7:58 am

I have been hijacked by the Department of Justice virus.

When I go to safe mode with network, it does not go into safe mode but prompts the following:

Please select the operating system to start:

Microsoft Windows XP Pro
Microsoft Windows Recovery Console

When I select Microsoft Windows XP Pro, it crashes, data dump.

Thank you for your help.

DIENT42
Intermediate
Posts : 65
Joined : 2010-06-11
OS : XP

Re: department of justice virus

Post by Superdave on Sun May 05, 2013 5:06 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using an ISO Burner. One can be found [You must be registered and logged in to see this link.]
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
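
An added example, not part of the thread and not the helper's own method: one way to triage an OTL.txt log offline, using the `O4 - ...\Run:` and `[timestamp | size | attributes | C]` line formats as they appear in the log posted in this thread. The sample log, all names in it, and the two heuristics (target in a user-writable data directory, target created inside the scan window) are assumptions made for the example; a flagged entry is a lead to review, not a verdict.

```python
import re
from datetime import datetime

# Constructed sample in the OTL line formats seen in this thread;
# every program name and path below is made up for the example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp.)
O4 - HKLM..\Run: [ScreenHelper] C:\Documents and Settings\All Users\Application Data\ScreenHelper.exe (Example Vendor, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\WINDOWS\System32\soundtray.exe (Example Audio)
O4 - HKU\user_ON_C..\Run: [OldTool] File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/05/04 12:00:37 | 000,093,696 | ---- | C] (Example Vendor, Inc.) -- C:\Documents and Settings\All Users\Application Data\ScreenHelper.exe
[2013/04/22 17:58:58 | 000,157,472 | ---- | C] (Example Corp.) -- C:\Program Files\Example\updater.exe
[2013/04/18 03:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Example
"""

# "O4 - <hive>..\Run: [<value name>] <target or 'File not found'>"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# "<path> (<company>)" as it follows the value name on a Run line
TARGET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4}) \((?P<company>.*)\)$")
# "[<timestamp> | <size> | <attrs> | C or M] (<company>) -- <path>"; company is optional
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| \S{4} \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Directories a limited user can write to (assumed list for this example).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(log_text):
    """Return Run-key entries worth a second look, in log order."""
    created = {}   # lower-cased path -> creation time from the "Created" listing
    run_lines = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            if m["kind"] == "C":
                created[m["path"].lower()] = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            continue
        m = RUN_RE.match(line)
        if m:
            run_lines.append(m)

    findings = []
    for m in run_lines:
        reasons, path = [], None
        if m["rest"] == "File not found":
            reasons.append("orphaned value: target file is missing")
        else:
            t = TARGET_RE.match(m["rest"])
            path = t["path"] if t else m["rest"]
            low = path.lower()
            in_data_dir = any(d in low for d in USER_WRITABLE)
            recent = low in created
            if in_data_dir:
                reasons.append("starts from a user-writable data directory")
            if recent:
                reasons.append(f"target created {created[low]:%Y-%m-%d}, inside the scan window")
        if reasons:
            # Both signals together rank higher than either one alone.
            high = path is not None and len(reasons) == 2
            findings.append({
                "hive": m["hive"],
                "name": m["name"],
                "path": path,
                "priority": "high" if high else "low",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['priority']:>4}  {f['hive']}  [{f['name']}]  {f['path']}")
        for r in f["reasons"]:
            print(f"        - {r}")
```
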

Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 12:27 am

Hi SuperDave,

I copied and pasted the OTL.txt file:

OTL logfile created on: 5/5/2013 3:07:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 104.05 Gb Free Space | 44.69% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2012/09/17 16:36:52 | 000,166,024 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/04/11 18:00:38 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/04/11 12:24:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/15 02:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/05/19 22:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/27 17:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/04/14 21:45:21 | 000,598,696 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 21:45:14 | 000,193,192 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009/02/21 00:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/19 19:38:36 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) [Auto] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2009/01/19 18:48:24 | 000,116,008 | ---- | M] (Juniper Networks) [On_Demand] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2009/01/08 17:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/05 00:10:10 | 000,087,416 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/05/05 19:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/14 02:07:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/14 02:07:48 | 000,000,000 | ---D | M]

[2013/04/14 01:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla\Firefox\extensions
[2013/04/14 01:51:19 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2012/11/30 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 04:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 04:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 04:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/13 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120411120059.dll (McAfee, Inc.)
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [DW6] File not found
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 21:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell - "" = AutoRun
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/05/04 12:00:37 | 000,093,696 | ---- | C] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe
[2013/05/02 15:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Dien's Work folder4
[2013/04/22 17:58:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/04/22 17:58:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/04/22 17:58:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/04/22 17:58:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/22 17:32:11 | 000,000,000 | ---D | C] -- C:\Firefox
[2013/04/22 17:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Sun
[2013/04/22 17:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2013/04/22 17:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2013/04/22 17:21:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/04/22 17:21:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2013/04/22 17:12:31 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u23-windows-i586.exe
[2013/04/22 15:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Leadertech
[2013/04/22 15:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Xerox
[2013/04/22 15:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Xerox
[2013/04/18 16:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Documents
[2013/04/18 16:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Lab
[2013/04/18 16:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Work pics
[2013/04/18 16:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\VHP Package
[2013/04/18 16:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Technical Specs2
[2013/04/18 16:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien
[2013/04/18 16:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's important docs
[2013/04/18 16:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work folder2
[2013/04/18 16:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work Folder3
[2013/04/18 16:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work Folder
[2013/04/18 16:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Lab Electrical
[2013/04/18 16:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\BSB Mech pdf dwg2
[2013/04/18 16:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\!PROJECTS
[2013/04/18 16:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\JABSOM
[2013/04/18 16:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\AutoCAD
[2013/04/18 16:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\!JABSOM FILES
[2013/04/18 03:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\DivX
[2013/04/18 03:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
[2013/04/18 03:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013/04/18 03:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SwvUpdater
[2013/04/18 03:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/04/18 03:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2013/04/18 03:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2013/04/18 03:39:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\My Documents\My Videos
[2013/04/18 03:39:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Start Menu\Programs\Administrative Tools
[2013/04/17 15:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SUPERAntiSpyware.com
[2013/04/17 15:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2013/04/17 15:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2013/04/17 15:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/15 15:27:27 | 000,270,336 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon07.dll
[2013/04/15 15:27:27 | 000,208,896 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi07.dll
[2013/04/15 15:27:27 | 000,147,512 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt07.dll
[2013/04/15 15:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\0900a5a2803d0a1e
[2013/04/14 20:35:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2013/04/14 02:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\RealNetworks
[2013/04/14 02:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Real
[2013/04/14 02:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/04/14 02:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks
[2013/04/14 02:07:21 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/04/14 02:07:13 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/04/14 02:07:13 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/04/14 02:07:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/04/14 02:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealNetworks
[2013/04/14 02:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Real
[2013/04/14 02:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
[2013/04/14 01:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\My Documents\Downloads
[2013/04/14 01:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\CRE
[2013/04/14 01:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla
[2013/04/14 01:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Nico Mak Computing
[2013/04/14 01:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\PriceGong
[2013/04/14 01:50:47 | 000,018,304 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe
[2013/04/14 01:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/04/14 01:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Conduit
[2013/04/14 01:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Temp
[2013/04/14 01:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\uTorrent
[2013/04/14 01:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Lx_cats
[2013/04/14 01:39:29 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll
[2013/04/14 01:39:25 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxk_gf.dll
[2013/04/14 01:39:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2013/04/14 01:39:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2013/04/14 01:39:05 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.dll
[2013/04/14 01:39:05 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.exe
[2013/04/14 01:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lexmark
[2013/04/14 01:37:48 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll
[2013/04/14 01:37:48 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll
[2013/04/14 01:37:48 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll
[2013/04/14 01:37:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll
[2013/04/14 01:37:48 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll
[2013/04/14 01:37:48 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll
[2013/04/14 01:37:47 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll
[2013/04/14 01:37:47 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll
[2013/04/14 01:37:47 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe
[2013/04/14 01:37:46 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll
[2013/04/14 01:37:46 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe
[2013/04/14 01:37:46 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe
[2013/04/14 01:37:46 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll
[2013/04/14 01:37:46 | 000,086,186 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\LXEAcfg.dll
[2013/04/12 20:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2013/04/12 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/04/12 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/12 20:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/04/12 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Microsoft Help
[2013/04/12 20:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2013/04/12 20:22:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/11 12:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Sun
[2013/04/11 04:09:19 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/04/11 04:09:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/04/11 04:09:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/04/11 04:09:16 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/04/11 04:09:16 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/04/11 04:09:14 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/04/11 04:07:53 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2013/04/11 04:07:21 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013/04/11 04:04:17 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/04/10 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2013/04/10 20:26:49 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013/04/10 20:26:49 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/11/05 00:06:56 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NeoterisSetup.ocx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/05 02:44:46 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk
[2013/05/05 02:44:30 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/05 02:44:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/05 02:44:29 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/05 02:44:26 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/04 20:34:43 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/04 20:24:59 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.bmp
[2013/05/04 20:24:45 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.jpg
[2013/05/04 12:00:34 | 000,093,696 | ---- | M] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe
[2013/05/04 03:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/03 22:26:32 | 001,215,749 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - MEB.pdf
[2013/05/03 21:59:00 | 001,204,415 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - ANC - CP.pdf
[2013/05/03 21:58:36 | 002,084,594 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - BSB.pdf
[2013/05/03 02:04:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/02 21:59:18 | 000,023,080 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\CPR Replace MB.pdf
[2013/05/02 21:14:01 | 000,583,821 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 95.pdf
[2013/05/01 22:41:52 | 000,031,347 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Submeter Reading 05-01-2013.pdf
[2013/04/28 00:57:01 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/26 22:10:32 | 000,372,503 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 10 overtime authorization form.pdf
[2013/04/26 16:58:43 | 000,173,561 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Trane FanBlowerAssembly.pdf
[2013/04/25 22:07:42 | 000,028,101 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Deficiencies.pdf
[2013/04/22 20:00:14 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\DataRefreshUI_5.2.0.5400.dll
[2013/04/22 17:58:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/04/22 17:58:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/04/22 17:58:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/04/22 17:58:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/22 17:58:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2013/04/22 17:30:30 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/04/19 04:48:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/18 03:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
[2013/04/18 03:40:48 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/18 03:40:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/18 03:39:55 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/04/17 15:30:29 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/17 15:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2013/04/17 04:16:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/04/15 16:31:34 | 000,018,904 | ---- | M] () -- C:\WINDOWS\hpdj6122.his
[2013/04/15 16:31:34 | 000,003,142 | ---- | M] () -- C:\WINDOWS\hpdj6122.ini
[2013/04/15 16:19:44 | 000,127,276 | ---- | M] () -- C:\WINDOWS\hpdj6122.hi1
[2013/04/15 16:19:44 | 000,010,287 | ---- | M] () -- C:\WINDOWS\hpdj6122.bu1
[2013/04/15 16:02:45 | 000,140,144 | ---- | M] () -- C:\WINDOWS\hpdj6122.hi2
[2013/04/15 16:02:45 | 000,010,287 | ---- | M] () -- C:\WINDOWS\hpdj6122.bu2
[2013/04/14 18:51:55 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/14 02:07:54 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2013/04/14 02:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealNetworks
[2013/04/14 02:07:21 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/04/14 02:07:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/04/14 02:07:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/04/14 02:07:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/04/14 01:41:36 | 000,198,047 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2013/04/14 01:38:39 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Lexmark Printer Home.LNK
[2013/04/14 01:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lexmark
[2013/04/12 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2013/04/12 13:11:46 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/12 13:11:46 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/12 10:48:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/04 20:24:59 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.bmp
[2013/05/04 20:24:39 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.jpg
[2013/05/03 22:26:31 | 001,215,749 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - MEB.pdf
[2013/05/03 21:58:59 | 001,204,415 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - ANC - CP.pdf
[2013/05/03 21:58:34 | 002,084,594 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - BSB.pdf
[2013/05/02 21:24:48 | 000,023,080 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\CPR Replace MB.pdf
[2013/05/02 21:14:00 | 000,583,821 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 95.pdf
[2013/05/01 22:41:51 | 000,031,347 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Submeter Reading 05-01-2013.pdf
[2013/04/26 22:10:32 | 000,372,503 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 10 overtime authorization form.pdf
[2013/04/26 16:58:41 | 000,173,561 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Trane FanBlowerAssembly.pdf
[2013/04/25 22:07:41 | 000,028,101 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Deficiencies.pdf
[2013/04/22 20:00:14 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\DataRefreshUI_5.2.0.5400.dll
[2013/04/19 04:48:12 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/19 04:48:12 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/19 04:48:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/18 03:40:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/18 03:39:55 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/04/17 15:30:29 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/17 04:16:54 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/04/17 04:16:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/15 16:08:51 | 000,140,144 | ---- | C] () -- C:\WINDOWS\hpdj6122.hi2
[2013/04/15 16:08:51 | 000,010,287 | ---- | C] () -- C:\WINDOWS\hpdj6122.bu2
[2013/04/15 15:49:39 | 000,127,276 | ---- | C] () -- C:\WINDOWS\hpdj6122.hi1
[2013/04/15 15:49:39 | 000,010,287 | ---- | C] () -- C:\WINDOWS\hpdj6122.bu1
[2013/04/15 15:27:54 | 000,018,904 | ---- | C] () -- C:\WINDOWS\hpdj6122.his
[2013/04/15 15:27:54 | 000,003,142 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2013/04/14 02:08:27 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/14 02:08:27 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/14 02:07:54 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2013/04/14 01:50:25 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Start Menu\Programs\µTorrent.lnk
[2013/04/14 01:39:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll
[2013/04/14 01:39:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll
[2013/04/14 01:39:25 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxeaprpr.chm
[2013/04/14 01:39:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll
[2013/04/14 01:39:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll
[2013/04/14 01:39:24 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo_rtl.bmp
[2013/04/14 01:39:24 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo.bmp
[2013/04/14 01:38:39 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Lexmark Printer Home.LNK
[2013/04/14 01:37:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll
[2013/04/14 01:37:48 | 000,198,047 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2013/04/14 01:37:47 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll
[2013/04/14 01:37:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll
[2013/04/14 01:37:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll
[2013/04/14 01:37:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll
[2013/04/14 01:37:47 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll
[2013/04/14 01:37:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll
[2013/04/14 01:37:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll
[2013/04/14 01:37:46 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll
[2013/04/14 01:37:46 | 000,002,106 | ---- | C] () -- C:\WINDOWS\System32\lxea.loc
[2013/04/14 01:37:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll
[2013/04/14 01:37:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll
[2013/04/11 04:02:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/11 04:02:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/11 14:26:43 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/04/11 14:26:43 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/04/11 14:26:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/04/11 12:33:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/11 06:23:29 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/04/11 06:23:29 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/04/11 06:23:29 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/04/11 05:47:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/27 18:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/09/27 17:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/01/19 18:18:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2008/04/13 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 19:00:00 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2008/04/13 19:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 19:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/01/01 15:01:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/01 15:00:05 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/14 23:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 23:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2012/04/11 15:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Funk Software
[2013/04/22 15:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Leadertech
[2013/04/14 18:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Nico Mak Computing
[2013/04/18 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\PriceGong
[2013/04/18 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SwvUpdater
[2013/05/04 11:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\uTorrent
[2013/04/22 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Xerox
[2013/04/22 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2012/04/11 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2013/04/22 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk.exe:BAK
< End of report >


Re: department of justice virus

Post by Superdave on Mon May 06, 2013 1:50 am

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [DW6] File not found
O2 - BHO: (no name) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
I'm not seeing very much wrong here. Please try this. Download MBAM on another computer and transfer it to your computer using a USB memory stick. While you have the computer booted using the OTLPE disk, try running MBAM and see if it comes up with anything. If that doesn't work, the only thing I can think of doing is to save your important data to an external drive or DVDs and run the Recovery Console.

Please download Malwarebytes Anti-Malware.
Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

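The fix posted above lists log entries that OTL marked "File not found" or "No CLSID value found". As an added example (not part of the thread and not OTL's own code), the Python below pulls such orphaned O2/O3/O4 entries out of an OTL log and separately notes Run entries whose target sits under a data directory, a location worth a manual look. The regexes, the `Finding` type and the data-directory list are assumptions based only on the line shapes visible in this thread; the sample lines are copied from the logs posted here.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # OTL line code, e.g. "O4"
    name: str     # Run value name, or the CLSID for O2/O3 lines
    reason: str   # "orphan" or "autorun-in-data-dir"
    raw: str      # the log line as posted


# Line shapes inferred from the logs in this thread (assumption, not an OTL spec).
CLSID_RE = re.compile(
    r"^O(?P<n>[23]) - (?P<where>.*?): \((?P<label>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$"
)
# "C:\path\file.exe (Company Name)"; the company may be empty: "()".
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")

# Markers OTL prints when a registry entry points at nothing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# User-writable data locations; an autorun target here deserves a second look.
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Sample lines copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120411120059.dll (McAfee, Inc.)
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [DW6] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""


def triage(log_text: str) -> List[Finding]:
    """Return orphaned O2/O3/O4 entries and Run targets in data directories."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()

        # O2 (BHO) and O3 (toolbar) lines carry a CLSID.
        m = CLSID_RE.match(line)
        if m:
            if m["rest"].startswith(ORPHAN_MARKERS):
                findings.append(Finding("O" + m["n"], m["clsid"], "orphan", line))
            continue

        # O4 Run-key lines carry a value name and a target.
        m = RUN_RE.match(line)
        if not m:
            continue  # other sections are out of scope for this example
        rest = m["rest"]
        if rest.startswith(ORPHAN_MARKERS):
            findings.append(Finding("O4", m["name"], "orphan", line))
            continue

        # Strip the trailing "(Company)" to get the path, then test its location.
        t = TARGET_RE.match(rest)
        path = (t["path"] if t else rest).lower()
        if any(d in path for d in DATA_DIRS):
            findings.append(Finding("O4", m["name"], "autorun-in-data-dir", line))
    return findings


def orphan_lines(log_text: str) -> List[str]:
    """Raw log lines for orphaned entries, in the order they appear."""
    return [f.raw for f in triage(log_text) if f.reason == "orphan"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:20} {f.section} {f.name}")
```

An "autorun-in-data-dir" result is a prompt for manual review of that file, not a verdict on it.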

Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 5:56 am

Hi SuperDave,

Here is the log file for running the fix:

OTL ==========
Registry value HKEY_USERS\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29AAADC9-DA30-4264-BCC4-D447F7146FC1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29AAADC9-DA30-4264-BCC4-D447F7146FC1}\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\ody13.tmp deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05052013_202621


Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 6:45 am

Hi SuperDave,

Having trouble running MBAM, keeps coming up with errors, or runs for 2 seconds and says no errors.

I can get to the recovery console, but what do I do when I get there?

Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 7:08 am

Hi Superdave,

Don't know if it is significant or not, but when I ran the OTLPE, when you said to change drivers to non-Microsoft, I selected "none" since the other two choices were "all" or "use safelist".

Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 7:23 am

Hi SuperDave,

I ran a new scan of the OTLPE with the "skip Microsoft files" selected and here is the text file:

OTL logfile created on: 5/5/2013 10:15:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 97.50 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.98 Gb Free Space | 93.74% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2012/09/17 16:36:52 | 000,166,024 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/04/11 18:00:38 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/04/11 12:24:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/15 02:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/05/19 22:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/27 17:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/04/14 21:45:21 | 000,598,696 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 21:45:14 | 000,193,192 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009/02/21 00:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/19 19:38:36 | 000,365,864 | ---- | M] (Juniper Networks, Inc.) [Auto] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2009/01/19 18:48:24 | 000,116,008 | ---- | M] (Juniper Networks) [On_Demand] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2009/01/08 17:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/05 00:10:10 | 000,087,416 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cerc6)
DRV - [2012/04/11 18:00:37 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/04/11 18:00:37 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/04/11 18:00:37 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/11 18:00:37 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/04/11 18:00:37 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/04/11 18:00:37 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/27 17:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/02/21 00:36:00 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/21 00:35:00 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 21:54:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/19 18:18:30 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\odFIPS2.sys -- (odFips2)
DRV - [2009/01/19 18:18:30 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\odFIPS.sys -- (odFips)
DRV - [2009/01/10 23:26:52 | 000,390,144 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2009/01/10 23:26:52 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2009/01/10 23:26:52 | 000,011,008 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2009/01/08 17:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/08 17:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/11/17 00:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/24 19:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/11/15 01:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/19 02:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/05/06 02:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/14 02:07:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/14 02:07:48 | 000,000,000 | ---D | M]

[2013/04/14 01:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla\Firefox\extensions
[2013/04/14 01:51:19 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2012/11/30 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 04:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 04:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 04:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/05/05 20:26:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120411120059.dll (McAfee, Inc.)
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [DW6] File not found
O4 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dien_Truong.JABSOM-173E0BC2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 21:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell - "" = AutoRun
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1effa95a-0121-11e2-b5e2-701a04427680}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/05/05 21:32:46 | 000,000,000 | ---D | C] -- C:\Underworld.1.2.3
[2013/05/05 21:31:06 | 000,000,000 | ---D | C] -- C:\The Matrix Trilogy
[2013/05/05 20:26:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/04 12:00:37 | 000,093,696 | ---- | C] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe
[2013/05/02 15:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Dien's Work folder4
[2013/04/22 17:58:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/04/22 17:58:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/04/22 17:58:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/04/22 17:58:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/22 17:32:11 | 000,000,000 | ---D | C] -- C:\Firefox
[2013/04/22 17:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Sun
[2013/04/22 17:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2013/04/22 17:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2013/04/22 17:21:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/04/22 17:21:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2013/04/22 17:12:31 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u23-windows-i586.exe
[2013/04/22 15:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Leadertech
[2013/04/22 15:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Xerox
[2013/04/22 15:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Xerox
[2013/04/18 16:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Documents
[2013/04/18 16:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Lab
[2013/04/18 16:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Work pics
[2013/04/18 16:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\VHP Package
[2013/04/18 16:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Technical Specs2
[2013/04/18 16:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien
[2013/04/18 16:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's important docs
[2013/04/18 16:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work folder2
[2013/04/18 16:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work Folder3
[2013/04/18 16:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Dien's work Folder
[2013/04/18 16:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Lab Electrical
[2013/04/18 16:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\BSB Mech pdf dwg2
[2013/04/18 16:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\!PROJECTS
[2013/04/18 16:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\JABSOM
[2013/04/18 16:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\AutoCAD
[2013/04/18 16:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\!JABSOM FILES
[2013/04/18 03:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\DivX
[2013/04/18 03:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
[2013/04/18 03:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013/04/18 03:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SwvUpdater
[2013/04/18 03:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/04/18 03:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2013/04/18 03:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2013/04/18 03:39:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\My Documents\My Videos
[2013/04/18 03:39:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Start Menu\Programs\Administrative Tools
[2013/04/17 15:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SUPERAntiSpyware.com
[2013/04/17 15:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2013/04/17 15:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2013/04/17 15:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/15 15:27:27 | 000,270,336 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon07.dll
[2013/04/15 15:27:27 | 000,208,896 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi07.dll
[2013/04/15 15:27:27 | 000,147,512 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt07.dll
[2013/04/15 15:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\0900a5a2803d0a1e
[2013/04/14 20:35:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2013/04/14 02:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\RealNetworks
[2013/04/14 02:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Real
[2013/04/14 02:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/04/14 02:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks
[2013/04/14 02:07:21 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/04/14 02:07:13 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/04/14 02:07:13 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/04/14 02:07:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/04/14 02:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealNetworks
[2013/04/14 02:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Real
[2013/04/14 02:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
[2013/04/14 01:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\My Documents\Downloads
[2013/04/14 01:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\CRE
[2013/04/14 01:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Mozilla
[2013/04/14 01:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Nico Mak Computing
[2013/04/14 01:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\PriceGong
[2013/04/14 01:50:47 | 000,018,304 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe
[2013/04/14 01:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/04/14 01:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Conduit
[2013/04/14 01:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Temp
[2013/04/14 01:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\uTorrent
[2013/04/14 01:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Lx_cats
[2013/04/14 01:39:29 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll
[2013/04/14 01:39:05 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.dll
[2013/04/14 01:39:05 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.exe
[2013/04/14 01:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lexmark
[2013/04/14 01:37:48 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll
[2013/04/14 01:37:48 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll
[2013/04/14 01:37:48 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll
[2013/04/14 01:37:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll
[2013/04/14 01:37:48 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll
[2013/04/14 01:37:48 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll
[2013/04/14 01:37:47 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll
[2013/04/14 01:37:47 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll
[2013/04/14 01:37:47 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe
[2013/04/14 01:37:46 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll
[2013/04/14 01:37:46 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe
[2013/04/14 01:37:46 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe
[2013/04/14 01:37:46 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll
[2013/04/14 01:37:46 | 000,086,186 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\LXEAcfg.dll
[2013/04/12 20:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2013/04/12 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/04/12 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/12 20:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/04/12 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\Microsoft Help
[2013/04/12 20:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2013/04/12 20:22:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/11 12:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Sun
[2013/04/10 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2008/11/05 00:06:56 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NeoterisSetup.ocx

========== Files - Modified Within 30 Days ==========

[2013/05/06 03:13:58 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2013/05/06 03:13:22 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/05/06 02:14:45 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk
[2013/05/06 02:14:32 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/06 02:14:27 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/06 02:14:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/06 02:14:20 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/05 02:44:29 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/05/04 20:24:59 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.bmp
[2013/05/04 20:24:45 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.jpg
[2013/05/04 12:00:34 | 000,093,696 | ---- | M] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DisplaySwitch.exe
[2013/05/04 03:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/03 22:26:32 | 001,215,749 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - MEB.pdf
[2013/05/03 21:59:00 | 001,204,415 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - ANC - CP.pdf
[2013/05/03 21:58:36 | 002,084,594 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - BSB.pdf
[2013/05/03 02:04:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/02 21:59:18 | 000,023,080 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\CPR Replace MB.pdf
[2013/05/02 21:14:01 | 000,583,821 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 95.pdf
[2013/05/01 22:41:52 | 000,031,347 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Submeter Reading 05-01-2013.pdf
[2013/04/28 00:57:01 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/26 22:10:32 | 000,372,503 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 10 overtime authorization form.pdf
[2013/04/26 16:58:43 | 000,173,561 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Trane FanBlowerAssembly.pdf
[2013/04/25 22:07:42 | 000,028,101 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Deficiencies.pdf
[2013/04/22 20:00:14 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\DataRefreshUI_5.2.0.5400.dll
[2013/04/22 17:58:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/04/22 17:58:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/04/22 17:58:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/04/22 17:58:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/22 17:58:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2013/04/22 17:30:30 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/04/19 04:48:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/18 03:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
[2013/04/18 03:40:48 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/18 03:40:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/18 03:39:55 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/04/17 15:30:29 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/17 15:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2013/04/17 04:16:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/04/15 16:31:34 | 000,018,904 | ---- | M] () -- C:\WINDOWS\hpdj6122.his
[2013/04/15 16:31:34 | 000,003,142 | ---- | M] () -- C:\WINDOWS\hpdj6122.ini
[2013/04/15 16:19:44 | 000,127,276 | ---- | M] () -- C:\WINDOWS\hpdj6122.hi1
[2013/04/15 16:19:44 | 000,010,287 | ---- | M] () -- C:\WINDOWS\hpdj6122.bu1
[2013/04/15 16:02:45 | 000,140,144 | ---- | M] () -- C:\WINDOWS\hpdj6122.hi2
[2013/04/15 16:02:45 | 000,010,287 | ---- | M] () -- C:\WINDOWS\hpdj6122.bu2
[2013/04/14 18:51:55 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/14 02:07:54 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2013/04/14 02:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealNetworks
[2013/04/14 02:07:21 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/04/14 02:07:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/04/14 02:07:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/04/14 02:07:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/04/14 01:41:36 | 000,198,047 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2013/04/14 01:38:39 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Lexmark Printer Home.LNK
[2013/04/14 01:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lexmark
[2013/04/12 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2013/04/12 13:11:46 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/12 13:11:46 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/12 10:48:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/05/06 03:13:58 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2013/05/06 03:13:22 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/05/04 20:24:59 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.bmp
[2013/05/04 20:24:39 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1.jpg
[2013/05/03 22:26:31 | 001,215,749 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - MEB.pdf
[2013/05/03 21:58:59 | 001,204,415 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - ANC - CP.pdf
[2013/05/03 21:58:34 | 002,084,594 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\TEGG - BSB.pdf
[2013/05/02 21:24:48 | 000,023,080 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\CPR Replace MB.pdf
[2013/05/02 21:14:00 | 000,583,821 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 95.pdf
[2013/05/01 22:41:51 | 000,031,347 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Submeter Reading 05-01-2013.pdf
[2013/04/26 22:10:32 | 000,372,503 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Form 10 overtime authorization form.pdf
[2013/04/26 16:58:41 | 000,173,561 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Trane FanBlowerAssembly.pdf
[2013/04/25 22:07:41 | 000,028,101 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Desktop\Deficiencies.pdf
[2013/04/22 20:00:14 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\DataRefreshUI_5.2.0.5400.dll
[2013/04/19 04:48:12 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/19 04:48:12 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/19 04:48:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/18 03:40:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/18 03:39:55 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/04/17 15:30:29 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/17 04:16:54 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/04/17 04:16:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/15 16:08:51 | 000,140,144 | ---- | C] () -- C:\WINDOWS\hpdj6122.hi2
[2013/04/15 16:08:51 | 000,010,287 | ---- | C] () -- C:\WINDOWS\hpdj6122.bu2
[2013/04/15 15:49:39 | 000,127,276 | ---- | C] () -- C:\WINDOWS\hpdj6122.hi1
[2013/04/15 15:49:39 | 000,010,287 | ---- | C] () -- C:\WINDOWS\hpdj6122.bu1
[2013/04/15 15:27:54 | 000,018,904 | ---- | C] () -- C:\WINDOWS\hpdj6122.his
[2013/04/15 15:27:54 | 000,003,142 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2013/04/14 02:08:27 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/14 02:08:27 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-651377827-682003330-1003.job
[2013/04/14 02:07:54 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2013/04/14 01:50:25 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Start Menu\Programs\µTorrent.lnk
[2013/04/14 01:39:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll
[2013/04/14 01:39:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll
[2013/04/14 01:39:25 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxeaprpr.chm
[2013/04/14 01:39:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll
[2013/04/14 01:39:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll
[2013/04/14 01:39:24 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo_rtl.bmp
[2013/04/14 01:39:24 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo.bmp
[2013/04/14 01:38:39 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Lexmark Printer Home.LNK
[2013/04/14 01:37:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll
[2013/04/14 01:37:48 | 000,198,047 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2013/04/14 01:37:47 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll
[2013/04/14 01:37:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll
[2013/04/14 01:37:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll
[2013/04/14 01:37:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll
[2013/04/14 01:37:47 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll
[2013/04/14 01:37:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll
[2013/04/14 01:37:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll
[2013/04/14 01:37:46 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll
[2013/04/14 01:37:46 | 000,002,106 | ---- | C] () -- C:\WINDOWS\System32\lxea.loc
[2013/04/14 01:37:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll
[2013/04/14 01:37:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll
[2013/04/11 04:02:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/11 04:02:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/11 14:26:43 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/04/11 14:26:43 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/04/11 14:26:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/04/11 12:33:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/11 06:23:29 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/04/11 06:23:29 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/04/11 06:23:29 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/04/11 05:47:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/27 18:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/09/27 17:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/01/19 18:18:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2008/04/13 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 19:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 19:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/01/01 15:01:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/01 15:00:05 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/14 23:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 23:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2012/04/11 15:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Funk Software
[2013/04/22 15:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Leadertech
[2013/04/14 18:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Nico Mak Computing
[2013/04/18 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\PriceGong
[2013/04/18 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\SwvUpdater
[2013/05/04 11:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\uTorrent
[2013/04/22 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dien Truong.JABSOM-173E0BC2\Application Data\Xerox
[2013/04/22 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2012/04/11 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2013/04/22 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Xerox

========== Purity Check ==========


< End of report >

Re: department of justice virus

Post by Superdave on Mon May 06, 2013 7:12 pm

At this point the only thing I can advise is to boot and run the Recovery Console. Choose Repair but save your important data first using the OTLPE disk.

Re: department of justice virus

Post by DIENT42 on Mon May 06, 2013 7:48 pm

ok, thanks.

Re: department of justice virus

Post by Superdave on Mon May 06, 2013 10:13 pm

DIENT42 wrote: ok, thanks.
Please let me know how it works out.
