Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-20 11:19:51
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [107112 2006-11-22] (Symantec Corporation)
HKLM\...\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [134808 2006-11-28] (Symantec Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [x]
HKU\dtran\...\Run: [SmileboxTray] "C:\Users\dtran\AppData\Roaming\Smilebox\SmileboxTray.exe" [313160 2011-04-12] (Smilebox, Inc.)
HKU\dtran\...\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize [2375680 2011-10-31] (Lingoes Project)
HKU\dtran\...\Run: [Google Update] "C:\Users\dtran\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-20] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.87.76.182 68.87.78.134 192.168.1.1

================================ Services (Whitelisted) ==================
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
2 DefWatch; "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [30872 2006-11-28] (Symantec Corporation)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
2 HitmanPro36CrusaderBoot; "C:\Users\dtran\Downloads\HitmanPro36.exe" /crusader:boot [6782952 2012-02-20] (SurfRight B.V.)
2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 ReflectService; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [220824 2011-06-07] ()
3 SavRoam; "C:\Program Files\Symantec AntiVirus\SavRoam.exe" [122008 2006-11-28] (symantec)
2 Symantec AntiVirus; "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [1962136 2006-11-28] (Symantec Corporation)
2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [167936 2008-06-26] ()

========================== Drivers (Whitelisted) =============
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-13] (Symantec Corporation)
4 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [23624 2012-02-20] ()
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVENG.SYS [86136 2012-02-13] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVEX15.SYS [1576312 2012-02-13] (Symantec Corporation)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-11-28] (VSO Software)
0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16024 2011-06-07] (Macrium Software)
3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [541696 2010-02-27] (Realtek Semiconductor Corporation )
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247144 2006-11-22] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [274328 2006-11-22] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25448 2006-11-22] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2009-11-21] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-26] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-26] (Symantec Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
0 mqdyvnyh; C:\Windows\System32\drivers\usdksm.sys [x]
3 RtlProt; \??\C:\Windows\System32\Drivers\RtlProt.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-02-20 11:19 - 2012-02-20 11:20 - 0000000 ____D C:\FRST
2012-02-20 10:02 - 2012-02-20 10:02 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-02-20 10:02 - 2012-02-20 10:02 - 0004066 ____A C:\Windows\System32\.crusader
2012-02-20 10:02 - 2012-02-20 10:02 - 0000400 ____A C:\Windows\System32\bootdelete.lst
2012-02-20 09:34 - 2012-02-20 10:01 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-20 09:34 - 2012-02-20 10:01 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-20 09:34 - 2012-02-20 09:34 - 6782952 ____A (SurfRight B.V.) C:\Users\dtran\Downloads\HitmanPro36.exe
2012-02-20 09:34 - 2012-02-20 09:34 - 0023624 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-02-20 08:31 - 2012-02-20 09:07 - 0154124 ____A C:\Windows\ntbtlog.txt
2012-02-20 07:45 - 2012-02-20 07:49 - 0000000 ____D C:\Users\dtran\Desktop\Griffin B.day
2012-02-19 19:40 - 2012-02-19 19:40 - 0138200 ____A C:\Windows\Minidump\021912-26208-01.dmp
2012-02-19 18:48 - 2012-02-19 18:48 - 0005398 ____A C:\avenger.txt
2012-02-19 14:57 - 2012-02-19 14:57 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-18 03:31 - 2012-02-19 19:39 - 234224578 ____A C:\Windows\MEMORY.DMP
2012-02-18 03:31 - 2012-02-18 03:31 - 0145560 ____A C:\Windows\Minidump\021812-29437-01.dmp
2012-02-15 23:47 - 2012-02-15 23:48 - 0000382 ____A C:\Windows\Tasks\At1.job
2012-02-15 00:55 - 2012-01-13 19:48 - 2340864 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 00:55 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 00:55 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 00:55 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-15 00:55 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-15 00:55 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-15 00:55 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-13 03:02 - 2012-02-20 10:02 - 0000000 ____D C:\Users\dtran\AppData\Roaming\7094C
2012-02-12 21:02 - 2012-02-12 21:02 - 0000000 ____D C:\Program Files\4CD7B
2012-02-12 21:01 - 2012-02-12 21:01 - 0000000 ____D C:\Program Files\LP
2012-02-10 19:27 - 2012-02-10 19:27 - 7668489 ____A C:\Users\dtran\Downloads\MG5220_GS_U2_V1.pdf
2012-02-05 11:48 - 2012-02-05 11:48 - 0000162 ___AH C:\Users\dtran\Desktop\~$Bi mat.docx
2012-01-29 21:38 - 2012-01-29 21:38 - 0122712 ____A C:\Users\dtran\Downloads\A?nh019.jpg
2012-01-22 20:23 - 2011-11-16 21:48 - 0134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-22 20:23 - 2011-11-16 21:48 - 0067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-22 20:23 - 2011-11-16 21:42 - 0369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-22 20:23 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0099840 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0015360 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-22 20:23 - 2011-11-16 21:38 - 1037312 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-22 20:23 - 2011-11-16 21:36 - 0022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-22 09:20 - 2012-01-22 09:20 - 0776320 ____A (Adobe Systems Incorporated) C:\Users\dtran\Downloads\install_flashplayer11x32_mssa_aih.exe

============ 3 Months Modified Files and Folders ===============
2012-02-20 10:02 - 2012-02-20 10:02 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-02-20 10:02 - 2012-02-20 10:02 - 0004066 ____A C:\Windows\System32\.crusader
2012-02-20 10:02 - 2012-02-20 10:02 - 0000400 ____A C:\Windows\System32\bootdelete.lst
2012-02-20 10:02 - 2012-02-13 03:02 - 0000000 ____D C:\Users\dtran\AppData\Roaming\7094C
2012-02-20 10:02 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\RewardsArcadeSuite
2012-02-20 10:02 - 2009-11-21 15:21 - 1259352 ____A C:\Windows\WindowsUpdate.log
2012-02-20 10:01 - 2012-02-20 09:34 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-20 10:01 - 2012-02-20 09:34 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-20 09:41 - 2012-01-20 17:31 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000UA.job
2012-02-20 09:34 - 2012-02-20 09:34 - 6782952 ____A (SurfRight B.V.) C:\Users\dtran\Downloads\HitmanPro36.exe
2012-02-20 09:34 - 2012-02-20 09:34 - 0023624 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-02-20 09:14 - 2012-01-01 15:10 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-02-20 09:14 - 2012-01-01 15:10 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-02-20 09:14 - 2009-07-13 20:34 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-20 09:14 - 2009-07-13 20:34 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-20 09:09 - 2012-01-01 15:10 - 0000378 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-02-20 09:09 - 2010-03-22 15:29 - 0000000 ___RD C:\Users\dtran\Documents\My Dropbox
2012-02-20 09:09 - 2010-03-22 15:27 - 0000000 ____D C:\Users\dtran\AppData\Roaming\Dropbox
2012-02-20 09:08 - 2009-11-21 15:18 - 2811736064 __ASH C:\hiberfil.sys
2012-02-20 09:08 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-20 09:08 - 2009-07-13 20:39 - 0364039 ____A C:\Windows\setupact.log
2012-02-20 09:07 - 2012-02-20 08:31 - 0154124 ____A C:\Windows\ntbtlog.txt
2012-02-20 08:13 - 2009-11-21 16:44 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-02-20 07:49 - 2012-02-20 07:45 - 0000000 ____D C:\Users\dtran\Desktop\Griffin B.day
2012-02-19 19:40 - 2012-02-19 19:40 - 0138200 ____A C:\Windows\Minidump\021912-26208-01.dmp
2012-02-19 19:40 - 2011-01-12 05:29 - 0000000 ____D C:\Windows\Minidump
2012-02-19 19:39 - 2012-02-18 03:31 - 234224578 ____A C:\Windows\MEMORY.DMP
2012-02-19 19:39 - 2009-11-21 16:57 - 0016562 ____A C:\Windows\PFRO.log
2012-02-19 18:48 - 2012-02-19 18:48 - 0005398 ____A C:\avenger.txt
2012-02-19 18:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Vss
2012-02-19 14:57 - 2012-02-19 14:57 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-19 14:57 - 2009-11-21 16:46 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-19 11:33 - 2011-05-22 15:55 - 0000000 ____D C:\To E-Mail
2012-02-18 03:49 - 2009-11-21 15:41 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-18 03:31 - 2012-02-18 03:31 - 0145560 ____A C:\Windows\Minidump\021812-29437-01.dmp
2012-02-18 02:41 - 2012-01-20 17:31 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000Core.job
2012-02-17 22:48 - 2009-11-21 18:35 - 0000000 ___HD C:\Config.Msi
2012-02-17 22:48 - 2009-11-21 16:43 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-17 22:48 - 2009-11-21 16:43 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-17 22:47 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-02-17 22:46 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-17 22:46 - 2009-07-13 18:04 - 0000594 ____A C:\Windows\win.ini
2012-02-17 22:45 - 2009-12-17 20:03 - 0000000 ____D C:\Users\Public\Documents\Address to save
2012-02-17 04:37 - 2009-12-07 08:09 - 0000000 ____D C:\art work
2012-02-15 23:48 - 2012-02-15 23:47 - 0000382 ____A C:\Windows\Tasks\At1.job
2012-02-15 23:46 - 2011-07-05 08:24 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-15 23:43 - 2010-11-27 07:59 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-15 19:03 - 2009-12-15 22:45 - 0000000 ____D C:\Users\Public\Documents\Health Inf
2012-02-15 07:03 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-15 06:50 - 2009-12-28 16:32 - 0000000 ____D C:\Users\dtran\AppData\Roaming\vlc
2012-02-15 04:15 - 2009-07-13 20:33 - 0409784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-14 16:39 - 2011-04-22 06:33 - 0017005 ____A C:\Users\dtran\Desktop\ON LINE USING.docx
2012-02-13 07:19 - 2010-02-13 19:42 - 0000000 ____D C:\Users\Public\Documents\Thing to remember
2012-02-12 21:02 - 2012-02-12 21:02 - 0000000 ____D C:\Program Files\4CD7B
2012-02-12 21:01 - 2012-02-12 21:01 - 0000000 ____D C:\Program Files\LP
2012-02-12 03:38 - 2009-07-13 20:53 - 0032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-11 19:13 - 2011-03-25 20:13 - 0017344 ____A C:\Users\dtran\Desktop\Bi mat.docx
2012-02-10 22:05 - 2011-06-11 14:40 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-02-10 22:05 - 2011-06-11 14:40 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-02-10 19:27 - 2012-02-10 19:27 - 7668489 ____A C:\Users\dtran\Downloads\MG5220_GS_U2_V1.pdf
2012-02-05 11:48 - 2012-02-05 11:48 - 0000162 ___AH C:\Users\dtran\Desktop\~$Bi mat.docx
2012-01-31 20:32 - 2009-12-11 22:09 - 0000000 ____D C:\Users\Public\Documents\Chuyen doi toi
2012-01-31 18:54 - 2011-11-20 19:56 - 0000000 ____D C:\Users\Public\Documents\THO VIET NAM
2012-01-31 18:35 - 2009-12-16 00:47 - 0000000 ____D C:\Users\Public\Documents\Money
2012-01-30 16:37 - 2009-12-16 10:28 - 0000000 ____D C:\Users\Public\Documents\To e-mail
2012-01-30 08:17 - 2009-11-23 19:15 - 0000000 ____D C:\Dung Photo
2012-01-29 21:38 - 2012-01-29 21:38 - 0122712 ____A C:\Users\dtran\Downloads\A?nh019.jpg
2012-01-27 02:51 - 2010-01-10 09:46 - 0000000 ____D C:\Users\dtran\AppData\Roaming\dvdcss
2012-01-27 00:21 - 2009-11-21 15:44 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-22 09:20 - 2012-01-22 09:20 - 0776320 ____A (Adobe Systems Incorporated) C:\Users\dtran\Downloads\install_flashplayer11x32_mssa_aih.exe
2012-01-21 23:21 - 2009-12-15 22:49 - 0000000 ____D C:\Users\Public\Documents\Reading
2012-01-20 19:27 - 2010-11-07 02:16 - 0000000 ____D C:\Users\Public\Documents\Cleanning house- House stuffs
2012-01-20 19:27 - 2009-12-17 20:14 - 0000000 ____D C:\Users\Public\Documents\Insurance Information
2012-01-20 19:01 - 2009-12-17 20:08 - 0000000 ____D C:\Users\Public\Documents\Important Information-keep
2012-01-20 17:31 - 2012-01-20 17:31 - 0606552 ____A (Google Inc.) C:\Users\dtran\Downloads\GoogleVoiceAndVideoSetup.exe
2012-01-20 17:31 - 2012-01-01 15:10 - 0000000 ____D C:\Users\dtran\AppData\Local\Google
2012-01-20 17:31 - 2009-11-21 16:45 - 0000000 ____D C:\Users\dtran\AppData\Roaming\Mozilla
2012-01-18 19:06 - 2010-01-20 11:57 - 0000000 ____D C:\Users\Public\Documents\Spunik
2012-01-17 12:40 - 2010-10-18 20:43 - 0000000 ____D C:\Griffin
2012-01-16 22:03 - 2012-01-16 22:03 - 0004582 ____A C:\Users\dtran\Downloads\Pay pal.pdf
2012-01-13 19:48 - 2012-02-15 00:55 - 2340864 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-07 13:29 - 2012-01-07 13:29 - 8920630 ____A C:\Users\dtran\Desktop\THUCHOCON_18_layout_1page.pdf
2012-01-07 10:54 - 2010-10-03 21:35 - 0066515 ____A C:\Users\dtran\Desktop\Tieu Lam.docx
2012-01-06 18:46 - 2009-12-16 18:07 - 0000000 ____D C:\Users\Public\Documents\Samples to do art work
2012-01-06 18:45 - 2012-01-01 17:47 - 0000000 ____D C:\Users\dtran\AppData\Roaming\FreeFileViewer
2012-01-06 18:42 - 2009-12-17 22:00 - 0000000 ____D C:\Users\Public\Documents\Memories
2012-01-06 18:42 - 2009-12-17 20:06 - 0000000 ____D C:\Users\Public\Documents\Entertainment
2012-01-04 19:05 - 2012-01-04 19:05 - 0057077 ____A C:\Users\dtran\Desktop\Continental Airlines - confirmation-1.pdf
2012-01-01 15:45 - 2012-01-01 15:45 - 1482696 ____A C:\Users\dtran\Downloads\Free Vietnamese-English Dictionary.ld2
2012-01-01 15:32 - 2012-01-01 15:32 - 7394808 ____A C:\Users\dtran\Downloads\Free English-Vietnamese Dictionary.ld2
2012-01-01 15:11 - 2012-01-01 15:11 - 0000000 ____D C:\Program Files\File Type Assistant
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Users\dtran\AppData\Local\RewardsArcadeSuite
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\PriceGong
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\FreeFileViewer
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\Free Offers from Freeze.com
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\BetterLinks
2012-01-01 15:10 - 2009-11-21 15:31 - 0000000 ____D C:\Users\dtran\AppData\LocalLow
2012-01-01 09:39 - 2012-01-01 09:39 - 0001991 ____A C:\Users\Public\Desktop\Lingoes.lnk
2012-01-01 09:39 - 2012-01-01 09:39 - 0000000 ____D C:\Program Files\Lingoes
2012-01-01 09:39 - 2012-01-01 09:38 - 6167192 ____A (Lingoes Project ) C:\Users\dtran\Downloads\lingoes_2.8.1.exe
2012-01-01 09:06 - 2012-01-01 08:46 - 1077979 ____A C:\Users\dtran\Desktop\Dung- Tuoi-35 years.docx
2011-12-31 19:29 - 2011-09-28 17:54 - 0308997 ____A C:\Users\dtran\Desktop\Danh ngon - teu.docx
2011-12-30 13:43 - 2009-12-17 20:06 - 0000000 ____D C:\Users\Public\Documents\Dung-Tuoi Information
2011-12-26 19:19 - 2009-11-22 11:48 - 0000000 ____D C:\Kayla Photo
2011-12-18 07:49 - 2011-12-18 07:49 - 0005167 ____A C:\Users\dtran\Desktop\TSP Catch-Up Contributions-2012.htm
2011-12-18 07:48 - 2011-12-18 07:48 - 0004823 ____A C:\Users\dtran\Desktop\Thrift Savings Plan-2012.htm
2011-12-18 07:45 - 2011-12-18 07:45 - 0005498 ____A C:\Users\dtran\Desktop\FSA- 2012.htm
2011-12-16 00:02 - 2012-02-15 00:55 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:02 - 2012-02-15 00:55 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:02 - 2012-02-15 00:55 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 5999104 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-15 23:56 - 2012-02-15 00:55 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-15 22:49 - 2012-02-15 00:55 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:15 - 2012-02-15 00:55 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-14 06:35 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2011-12-10 15:24 - 2009-11-21 16:46 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 08:33 - 2011-12-10 08:33 - 2496512 ____A C:\Users\Public\Documents\Ch? Tâm.pps
2011-12-04 22:39 - 2009-12-16 00:43 - 0000000 ____D C:\Users\Public\Documents\Dung's writing
2011-12-03 21:35 - 2011-12-03 21:35 - 0020278 ____A C:\Users\Public\Documents\Ten Things I Have Learned.docx
2011-11-29 18:59 - 2011-11-29 18:59 - 0665340 ____A C:\Users\dtran\Desktop\VideoJoiner111019120100.wmv
2011-11-28 08:42 - 2009-07-13 18:36 - 0000000 __SHD C:\$Recycle.Bin
2011-11-26 00:15 - 2009-12-16 04:42 - 0000000 ____D C:\Users\Public\Documents\Letter to keep
2011-11-25 22:31 - 2010-02-22 17:48 - 0000000 ____D C:\Users\Public\Documents\1-MUST SAVED
2011-11-23 23:01 - 2011-11-23 23:01 - 5409792 ____A C:\Users\Public\Documents\Words_of_Wisdom_from_the_Dalai_Lama.pps
2011-11-23 22:52 - 2011-01-17 08:28 - 0010190 ____A C:\Users\Public\Documents\Dung paid extra $10,000. on 1-17-11.docx

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 4087.31 MB
Available physical RAM: 3628.09 MB
Total Pagefile: 4085.59 MB
Available Pagefile: 3629.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.31 MB

======================= Partitions =========================
1 Drive c: () (Fixed) (Total:950.81 GB) (Free:789.87 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (PENDRIVE) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB   912 GB
  Disk 1    Online         3829 MB      0 B

Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            950 GB  1039 KB

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    950 GB  Healthy

Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3827 MB    19 KB

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   PENDRIVE     FAT32  Removable   3827 MB  Healthy

==========================================================
TDL4: custom:26000022
==========================================================

Last Boot: 2012-02-19 04:09
======================= End Of Log ==========================