Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vundo, slow computer, etc.

Started by terpsteve11 , Mar 29 2009 03:27 PM

  • Please log in to reply

#1
terpsteve11
Posted 29 March 2009 - 03:27 PM

terpsteve11

    Member

  • Member
  • PipPip
  • 38 posts
My computer has started slowly, sometimes my desktop icons will not show up after a reboot. There is constantly a "loading icon" on my mouse pointer when I am not doing anything. Vundo gets detected when I scan for viruses, but the problem persists after I remove the trojans. Please help :)
  • 0

Advertisements

#2
terpsteve11
Posted 29 March 2009 - 03:28 PM

terpsteve11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3

3/29/09 5:07:22 PM
mbam-log-2009-03-29 (17-07-22).txt

Scan type: Quick Scan
Objects scanned: 71749
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\instsp2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papevija.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nagaduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hakoyevi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACbiqhnkda.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAChdkwmtua.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\aoqckrns.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\dcowt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lxdwn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\wicnin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4466308423-0070945547-499842059-0164\service.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temp\ju9p8pjzuv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temp\hgiaisx2i.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\HQDMNK1K\pqz[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\HQDMNK1K\lebcppdde[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\OEE4K143\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\RT5EUCDD\loaderadv563[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\YT0MZLXT\aasuper3[1].htm (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACdojtaxxo.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACeekqydgt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkhylagps.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmpugafwj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmrduwiry.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACcxealtyq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#3
terpsteve11
Posted 29 March 2009 - 03:28 PM

terpsteve11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OTListIt logfile created on: 3/29/09 5:20:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.68% Memory free
2.08 Gb Paging File | 1.70 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 30.98 Gb Free Space | 41.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UMDB8RFXC1
Current User Name: Steven Anderson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\ocqkmoc.exe ()
PRC - C:\Program Files\Dtella@UMD\dtella.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\Common Files\NMSAccessU.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (a320raid [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (aac [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aac.sys (Adaptec, Inc.)
DRV - (aarich [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aarich.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Running]) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- c:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Boot | Running]) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (Intel® Corporation)
DRV - (pmxmouse [System | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxps2m [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxps2m.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Symmpi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (EntDrv51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (McAfee, Inc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.umd.edu/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {2bae58c2-79f9-45d1-a286-81f911301c3a}:1.5.43.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....00102X001US&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 15:30:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 15:20:05 | 00,000,000 | ---D | M]

[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions
[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/29 17:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions
[2008/08/26 00:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}
[2008/12/09 20:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/09 13:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/29 21:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/23 15:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]\chrome\mozapps\extensions
[2008/12/05 15:41:33 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aim-search.xml
[2008/02/26 17:16:42 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aolsearch.xml
[2008/12/23 15:15:19 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\ask.xml
[2008/12/22 20:08:39 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\yahoo.xml
[2009/03/28 14:39:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/10/08 11:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/28 15:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/22 11:49:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/22 14:41:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/22 03:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/28 15:19:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 15:19:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 20:38:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 20:38:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/10 18:07:00 | 00,000,928 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2008/09/09 20:38:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 18:22:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 20:38:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 20:38:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 20:38:09 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (380 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [10423] C:\ocqkmoc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dtella.lnk = C:\Program Files\Dtella@UMD\dtella.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Gnutella Turbo\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: macromedia.com ([fpdownload] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} http://www.flyword.c...derword_win.cab (FlyLoader Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/29 17:10:58 | 00,020,480 | ---- | C] () -- C:\lsass.exe
[2009/03/28 15:16:30 | 00,020,480 | ---- | C] () -- C:\lttph.exe
[2009/03/28 15:15:43 | 00,100,590 | ---- | C] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:14:22 | 00,020,480 | ---- | C] () -- C:\ocqkmoc.exe
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/03/26 14:00:45 | 00,611,328 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\UberHour
[2009/03/25 13:35:22 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/25 13:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\ÜberHour
[2009/03/21 18:33:19 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/03/16 22:53:27 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/14 18:40:38 | 14,795,6009 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPowerHour
[2009/03/13 22:13:17 | 00,724,969 | ---- | C] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/10 15:36:15 | 00,487,424 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 14:02:40 | 00,416,256 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:07 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:02 | 00,023,288 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 18:50:36 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/05 16:40:45 | 00,327,680 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 15:57:02 | 00,782,336 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/05 15:07:14 | 00,678,400 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/04 01:56:18 | 02,495,077 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:15 | 01,003,139 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:23 | 00,892,321 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:29:53 | 01,026,024 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:27:54 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 16:34:59 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:28:02 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 15:50:44 | 00,304,692 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\telephoneline.mp3
[2009/03/03 15:48:52 | 21,725,2932 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/03 11:09:24 | 00,804,090 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 04:57:30 | 19,305,84737 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:26:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/02 19:39:22 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:50:02 | 17,530,8609 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\My Documents\Red Kawa
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Application Data\Red Kawa

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/29 17:19:49 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 17:19:49 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 17:19:49 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 17:15:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 17:15:20 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/29 17:15:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 17:15:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 17:15:07 | 16,002,49856 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\ocqkmoc.exe
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\lsass.exe
[2009/03/29 15:13:48 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/03/29 15:09:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\sonobilo
[2009/03/28 17:57:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/28 15:16:42 | 00,100,590 | ---- | M] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:16:31 | 00,020,480 | ---- | M] () -- C:\lttph.exe
[2009/03/28 15:14:58 | 00,000,002 | ---- | M] () -- C:\-1737809793
[2009/03/28 15:14:09 | 00,105,984 | -HS- | M] (ICQ) -- C:\WINDOWS\System32\jopumeti.dll
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 15:22:51 | 00,611,328 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:36:07 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/23 17:00:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 22:58:14 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/16 03:25:50 | 02,906,962 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\benjamincostello_here_comes_the_sun.mp3
[2009/03/14 19:00:38 | 14,795,6009 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:18 | 00,724,969 | ---- | M] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/12 17:59:16 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/12 17:55:45 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Resume2.doc
[2009/03/12 05:54:05 | 00,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 03:02:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 16:40:56 | 00,782,336 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/10 15:38:20 | 00,487,424 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 15:14:54 | 00,416,256 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:08 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:05 | 00,023,288 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 17:18:37 | 00,327,680 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 16:31:05 | 00,678,400 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/05 03:45:23 | 02,495,077 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:25 | 01,003,139 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:31 | 00,892,321 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:30:02 | 01,026,024 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:37:39 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 17:14:37 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 16:55:09 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:26:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/03 11:09:24 | 00,804,090 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 07:05:26 | 19,305,84737 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:22:51 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:58:54 | 17,530,8609 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:47:59 | 21,725,2932 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/02 14:31:40 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 19:02:45 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP