Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antivirus Live

Started by sheppardwk , Dec 18 2009 06:51 PM

  • Please log in to reply

#1
sheppardwk
Posted 18 December 2009 - 06:51 PM

sheppardwk

    Member

  • Member
  • PipPip
  • 54 posts
My son went to Pirate Bay .org and while browsing our computer now we have this Antivirus Live indicating we have an Antivirus software alert. "Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar." There is a security warning stating "Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?"

Now there is a Spyware Alert!
Vulnerabilities found.
Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate Realtime secure protection against future intrusions.

What should we do?

Edited by sheppardwk, 19 December 2009 - 07:26 AM.

  • 0

Advertisements

#2
sheppardwk
Posted 18 December 2009 - 07:26 PM

sheppardwk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Here is the Log.txt from our computer that I found was the first step in similar posts.

Attached Files

  • Attached File  Log.txt   70bytes   171 downloads

  • 0

#3
sheppardwk
Posted 18 December 2009 - 10:24 PM

sheppardwk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Downloaded rkill and kept trying it until all of the pop-ups disappeared.
Then ran Malwarebytes - it found 5 infections.
Currently running avast.
Will reboot after it finishes.
Then what else should be done?
  • 0

#4
sheppardwk
Posted 19 December 2009 - 07:29 AM

sheppardwk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Avast found several infections and required a reboot. Avast is now updated as well.
Continuing with several other recommendations that I've read, I then ran OTL, below are the results. Please let me know if we need to continue or what to run within OTL. Thanks.

OTL logfile created on: 12/19/2009 8:23:09 AM - Run 2
OTL by OldTimer - Version 3.0.6.4 Folder = C:\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.88 Gb Available in Paging File | 96.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 76.22 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 38.27 Gb Total Space | 23.29 Gb Free Space | 60.86% Space Free | Partition Type: FAT32
Drive Z: | 38.27 Gb Total Space | 23.29 Gb Free Space | 60.86% Space Free | Partition Type: FAT32

Computer Name: DELL
Current User Name: Alyssa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\www\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\www\sqldb\bin\mysqld.exe ()
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\www\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\My Documents\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apache [Auto | Running]) -- C:\www\bin\httpd.exe (Apache Software Foundation)
SRV - (Apache2.2 [Auto | Stopped]) -- C:\www\bin\httpd.exe (Apache Software Foundation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (FileZilla Server [On_Demand | Stopped]) -- File not found
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlusHelper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MySQL5 [Auto | Running]) -- C:\www\sqldb\bin\mysqld.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (slabbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\slabbus.sys (MCCI)
DRV - (slabser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\slabser.sys (MCCI)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
FF - prefs.js..network.proxy.backup.ftp: "warrior.tech-centrum.com"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "warrior.tech-centrum.com"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "warrior.tech-centrum.com"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "warrior.tech-centrum.com"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "208.52.1.1"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "208.52.1.1"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "208.52.1.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "208.52.1.1"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "208.52.1.1"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 07:07:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/05 15:32:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 19:39:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 19:39:52 | 00,000,000 | ---D | M]

[2009/10/17 19:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mozilla\Extensions
[2009/10/17 19:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/18 20:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mozilla\Firefox\Profiles\wqdajewc.default\extensions
[2009/10/17 19:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mozilla\Firefox\Profiles\wqdajewc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 19:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mozilla\Firefox\Profiles\wqdajewc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/18 20:26:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/12/16 19:39:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/04 19:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/12/16 19:39:44 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/12/16 19:39:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/12/16 19:39:47 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 01:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1220 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\www\ftp\FileZilla Server Interface.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe File not found
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Zachary\My Documents\Zach\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Zachary\My Documents\Zach\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Zachary\My Documents\Zach\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsou...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://secure.footp...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/22 21:01:20 | 00,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Program Files\*.tmp files]
[2009/12/18 20:28:05 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Alyssa\Desktop\procexp.exe
[2009/12/18 20:19:27 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.pif
[2009/12/18 20:19:21 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.scr
[2009/12/18 20:17:59 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.com
[2009/12/18 20:16:11 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.exe
[2009/12/18 19:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\kwdcdj
[2009/12/16 19:21:07 | 00,022,016 | ---- | C] () -- C:\Culture.doc
[2009/11/24 18:03:32 | 00,000,000 | ---D | C] -- C:\21[2008]DvDrip-aXXo
[2009/11/24 17:12:53 | 00,000,000 | ---D | C] -- C:\The.Dark.Knight[2008]DvDrip-aXXo
[2009/11/24 15:44:45 | 06,387,568 | ---- | C] () -- C:\beat.mp3
[2009/11/23 21:20:32 | 00,000,000 | ---D | C] -- C:\Untraceable[2008]R5.DvDrip[Eng]-aXXo
[2009/11/23 19:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2009/11/23 19:34:03 | 01,674,242 | ---- | C] (Methlabs Productions ) -- C:\pg2-070309.exe
[2009/11/23 18:40:45 | 00,000,000 | ---D | C] -- C:\HLS
[2009/11/19 21:12:47 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/11/19 21:12:25 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\Sallys Salon.lnk
[2009/11/19 21:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sallys Salon
[2009/11/19 20:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alyssa\My Documents\NannyMania
[2009/11/19 18:23:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/11/19 18:18:50 | 00,000,000 | ---D | C] -- C:\Program Files\Fashion Fits
[2009/11/19 18:18:20 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\Nanny Mania.lnk
[2009/11/19 18:18:16 | 00,000,000 | ---D | C] -- C:\Program Files\Nanny Mania
[2009/11/19 17:33:17 | 00,000,752 | ---- | C] () -- C:\Documents and Settings\Alyssa\Desktop\Cake Mania 2.lnk
[2009/11/19 17:33:08 | 00,000,000 | ---D | C] -- C:\Program Files\Cake Mania 2
[2009/11/19 17:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2009/10/13 18:48:19 | 00,000,146 | ---- | C] () -- C:\WINDOWS\W2W.ini
[2009/10/13 18:33:11 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2009/10/13 18:33:11 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/10/13 18:33:11 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/09/06 10:51:36 | 00,000,317 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/07 20:35:05 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009/02/20 11:03:51 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/20 11:03:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/23 12:33:17 | 00,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2008/11/17 19:51:04 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/09/02 18:52:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/08/21 15:47:35 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/08/05 10:35:40 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/08/05 10:34:52 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/08/05 10:32:53 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/07/31 17:50:55 | 00,000,479 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/07/31 11:54:54 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/29 12:47:11 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/07/29 12:45:37 | 00,000,685 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/29 11:36:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/28 11:57:22 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/27 17:21:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/05 15:52:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/05 15:46:28 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/05 15:41:51 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/05 15:41:43 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/05 15:41:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/05 15:41:37 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/05 15:13:34 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,899 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/04/23 14:17:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2003/12/09 23:36:46 | 00,104,671 | ---- | C] () -- C:\WINDOWS\System32\AckUtl.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 01:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 01:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Program Files\*.tmp files]
[2009/12/19 08:10:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 08:10:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/19 08:10:23 | 32,192,96256 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 08:09:16 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/18 20:28:35 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Alyssa\Desktop\procexp.exe
[2009/12/18 20:19:28 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.pif
[2009/12/18 20:19:21 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.scr
[2009/12/18 20:17:59 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.com
[2009/12/18 20:16:11 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\rkill.exe
[2009/12/18 16:56:28 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\PUTTY.RND
[2009/12/18 07:28:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/17 16:30:08 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Alyssa\My Documents\Default.rdp
[2009/12/16 21:15:03 | 00,022,016 | ---- | M] () -- C:\Culture.doc
[2009/12/15 16:32:09 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 18:00:43 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 18:00:43 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/10 18:00:43 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/10 17:57:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/01 15:06:19 | 25,966,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/24 18:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/24 15:44:57 | 06,387,568 | ---- | M] () -- C:\beat.mp3
[2009/11/23 19:40:46 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/23 19:34:07 | 01,674,242 | ---- | M] (Methlabs Productions ) -- C:\pg2-070309.exe
[2009/11/23 18:25:33 | 00,000,061 | ---- | M] () -- C:\WINDOWS\System32\msn.bat
[2009/11/22 13:57:34 | 00,000,899 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/11/22 13:57:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/11/22 13:57:34 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2009/11/19 21:12:47 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2009/11/19 21:12:25 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\Sallys Salon.lnk
[2009/11/19 18:18:20 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\Nanny Mania.lnk
[2009/11/19 17:33:17 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\Alyssa\Desktop\Cake Mania 2.lnk

========== LOP Check ==========

[2009/11/19 18:23:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/08/22 15:49:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/07/28 11:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/01/05 15:42:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/11/17 20:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/11/19 18:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/06/24 19:53:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/09/18 16:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imagine Fashion Designer
[2009/06/24 19:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/08/01 21:36:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/05 15:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/07/25 20:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/01/05 15:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/08/05 10:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/14 12:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
[2009/10/03 23:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/10/26 16:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/18 15:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2005/01/05 15:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/22 15:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2008/08/09 18:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2009/07/06 07:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/16 17:32:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alyssa\Application Data
[2009/12/17 21:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\BitTorrent
[2009/10/30 15:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Canon
[2009/12/10 20:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\FileZilla
[2008/10/12 17:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Free Sound Recorder
[2008/08/09 11:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\ieSpell
[2009/02/24 18:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mIRC
[2008/09/01 16:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Nexon
[2009/10/02 16:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Notepad++
[2009/07/25 20:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\PlayFirst
[2009/10/03 23:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Publish Providers
[2008/08/05 10:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\ScanSoft
[2009/09/28 23:02:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alyssa\Application Data\SecuROM
[2009/10/03 23:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Sony
[2009/08/10 08:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Subversion
[2009/08/10 08:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\TortoiseSVN
[2009/11/01 17:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Unity
[2009/12/18 07:28:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/12/19 08:10:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3FF453
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP