Possible Infection? Opinion Needed.



#1
Printer66

Hi! I am new here and glad to be a part of this forum and help contribute to it!

I am not sure if I am infected. While searching through image results on Google Images with Firefox 4.0b6, a new tab popped open and brought me to hxxp://www3.new-protectionsoft26.in. It said I am infected with several viruses. I quickly recognized this as a rogue alert and terminated Firefox via Task Manager. I don't appear to be infected. I did, however, find three copies of a suspicious file which VirusTotal detected by 17 scanners as various things, including variants of Koobface-G TDSS. Most, however, just said it was a generic Fake-AV or Trojan. So far I have scanned with Malwarebytes, Kaspersky's TDSSKiller, and I have McAfee VirusScan installed, all of which came up negative except for Malwarebytes, which said that Windows security was disabled. I expected this, however, because I intentionally did this to avoid the annoying popups that McAfee was out of date, when I knew that it was not. Could someone please take a look at my OTL log to confirm that I am not infected? Once again, I have no symptoms. There are no popups or search redirects. I am able to fully access Task Manager and regedit. I did scan with HijackThis before I realized that it should be an OTL log. I have this log available if you would like to see it. Thank you for your help!

OTL logfile created on: 10/29/2010 3:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Estano\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 78.34 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

Computer Name: HOME-WSUGSMUL5V | User Name: Estano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
PRC - [2010/09/15 21:15:00 | 000,923,096 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/25 21:52:30 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/06/24 09:41:36 | 000,057,344 | ---- | M] (Cepstral, LLC) [Auto | Stopped] -- C:\Program Files\Cepstral\bin\CepstralLicSrv.exe -- (Cepstral License Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D705~1\GTNDIS5.SYS -- (GTNDIS5)
DRV - [2010/07/09 18:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/25 12:21:00 | 001,710,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/10/22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/01/30 17:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 18:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/05/07 22:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/07 22:52:56 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2008/05/07 22:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/04/17 16:54:12 | 000,014,336 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/11/17 23:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [1999/06/10 13:20:00 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cdenable.sys -- (cdenable)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/22 18:48:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010/10/06 14:04:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins

[2010/08/14 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Mozilla\Extensions
[2010/09/20 07:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Mozilla\Firefox\Profiles\yl8wyk8i.default\extensions
[2010/09/20 07:29:14 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Estano\Application Data\Mozilla\Firefox\Profiles\yl8wyk8i.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1282080104421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Estano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Estano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/13 13:34:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 15:05:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
[2010/10/29 14:56:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Estano\Desktop\HijackThis.exe
[2010/10/27 08:59:53 | 004,411,392 | ---- | C] (Gabest) -- C:\Documents and Settings\Estano\Desktop\mplayerc.exe
[2010/10/26 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cepstral
[2010/10/26 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource
[2010/10/15 21:06:28 | 000,007,424 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System\NOBOOT1.VBX
[2010/10/15 21:06:27 | 000,000,000 | ---D | C] -- C:\KISS
[2010/10/06 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 14:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/06 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/06 09:27:25 | 000,000,000 | ---D | C] -- C:\TLCWIN
[2010/10/06 08:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/04 21:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
[2010/10/04 21:29:49 | 002,228,534 | ---- | C] ( ) -- C:\Documents and Settings\Estano\My Documents\audacity-win-1.2.6.exe
[2010/10/04 21:29:37 | 001,512,927 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Estano\My Documents\LADSPA_plugins-win-0.4.15.exe
[2010/10/04 21:29:21 | 000,421,346 | ---- | C] ( ) -- C:\Documents and Settings\Estano\My Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/29 15:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
[2010/10/29 14:56:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Estano\Desktop\HijackThis.exe
[2010/10/29 14:48:57 | 000,271,347 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\packupdate107_179.zip
[2010/10/29 13:53:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 13:53:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 12:02:33 | 000,691,205 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Wfm.jpg
[2010/10/29 11:52:53 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Run WeatherSTAR 4000 emulator.lnk
[2010/10/29 10:38:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Microsoft Office Word 2003.lnk
[2010/10/29 10:33:37 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\RSE2.doc
[2010/10/29 10:16:52 | 000,000,534 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2010/10/29 10:16:01 | 000,208,764 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\chip.zip
[2010/10/29 09:50:53 | 001,278,081 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\pi.mp3
[2010/10/28 22:35:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/28 17:09:47 | 000,042,324 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\waitingformagictotalremix7.ove
[2010/10/28 16:25:58 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\WFMAOB.mid
[2010/10/28 09:32:36 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2010/10/27 14:34:42 | 000,528,762 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\io9000.wav
[2010/10/27 09:39:46 | 000,031,119 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\wfm.mid
[2010/10/27 09:38:22 | 020,556,538 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Track08-2.wav
[2010/10/27 09:01:33 | 041,113,004 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Track08.wav
[2010/10/27 08:59:43 | 002,079,423 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\mplayerc_20100214.zip
[2010/10/26 19:55:05 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Simple TTS Reader.lnk
[2010/10/26 19:36:27 | 000,733,274 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\splash.wav
[2010/10/26 13:26:21 | 000,282,340 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\tgo.wav
[2010/10/26 13:17:07 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 13:16:58 | 180,964,174 | ---- | M] () -- C:\vidplay1.avi
[2010/10/26 12:50:54 | 000,069,802 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\tgo.wv
[2010/10/18 10:47:38 | 000,074,149 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\cb.jpg
[2010/10/16 18:14:34 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 21:09:47 | 000,000,797 | ---- | M] () -- C:\WINDOWS\KISS.dal
[2010/10/15 21:09:47 | 000,000,576 | ---- | M] () -- C:\WINDOWS\KISS.INI
[2010/10/15 09:28:27 | 056,053,629 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\videoplayback[1].mp4
[2010/10/15 08:46:05 | 000,006,973 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\nirvana-a.jpg
[2010/10/14 19:05:09 | 000,055,829 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\1988-Ford-F25.jpg
[2010/10/14 17:34:28 | 000,194,266 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\youcantguesswhatisinhere.7z
[2010/10/06 14:04:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 09:28:17 | 000,000,632 | ---- | M] () -- C:\WINDOWS\E-REGTLC.INI
[2010/10/06 09:27:25 | 000,000,106 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2010/10/06 08:04:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/04 22:10:10 | 000,043,137 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\2 unlimited - no limit(2).mid
[2010/10/04 22:08:48 | 000,039,049 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\no_limit.mid
[2010/10/04 21:45:12 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Tunatic.lnk
[2010/10/04 21:43:34 | 000,009,096 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\foofle.wav
[2010/10/04 21:30:10 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Audacity.lnk
[2010/10/04 21:29:50 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\Estano\My Documents\audacity-win-1.2.6.exe
[2010/10/04 21:29:38 | 001,512,927 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Estano\My Documents\LADSPA_plugins-win-0.4.15.exe
[2010/10/04 21:29:25 | 000,421,346 | ---- | M] ( ) -- C:\Documents and Settings\Estano\My Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/10/04 21:27:26 | 000,603,738 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\tgo.wav
[2010/09/29 15:44:09 | 000,034,050 | ---- | M] () -- C:\WINDOWS\System32\CoreWavPack-uninstall.exe
[2010/09/29 15:43:42 | 000,349,972 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\wavpack-4.60.1.zip
[2010/09/29 15:43:36 | 000,106,335 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\CoreWavPack-1.1.1-Setup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 14:48:57 | 000,271,347 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\packupdate107_179.zip
[2010/10/29 12:02:31 | 000,691,205 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Wfm.jpg
[2010/10/29 10:16:46 | 000,000,534 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2010/10/29 10:16:00 | 000,208,764 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\chip.zip
[2010/10/29 09:50:51 | 001,278,081 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\pi.mp3
[2010/10/28 16:25:58 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\WFMAOB.mid
[2010/10/27 14:34:39 | 000,528,762 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\io9000.wav
[2010/10/27 10:16:57 | 000,042,324 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\waitingformagictotalremix7.ove
[2010/10/27 09:39:42 | 000,031,119 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\wfm.mid
[2010/10/27 09:36:38 | 020,556,538 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Track08-2.wav
[2010/10/27 09:00:49 | 041,113,004 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Track08.wav
[2010/10/27 08:59:43 | 002,079,423 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\mplayerc_20100214.zip
[2010/10/26 19:55:05 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Simple TTS Reader.lnk
[2010/10/26 19:36:27 | 000,733,274 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\splash.wav
[2010/10/26 13:26:21 | 000,282,340 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\tgo.wav
[2010/10/26 13:16:31 | 180,964,174 | ---- | C] () -- C:\vidplay1.avi
[2010/10/26 12:50:54 | 000,069,802 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\tgo.wv
[2010/10/25 15:18:10 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\RSE2.doc
[2010/10/18 10:47:32 | 000,074,149 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\cb.jpg
[2010/10/15 21:07:23 | 000,039,731 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2010/10/15 21:07:23 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System\SETUPKIT.DLL
[2010/10/15 21:06:28 | 000,180,480 | ---- | C] () -- C:\WINDOWS\System\LTKRN62W.DLL
[2010/10/15 21:06:28 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System\LFFAX62W.DLL
[2010/10/15 21:06:28 | 000,140,928 | ---- | C] () -- C:\WINDOWS\System\LFCMP62W.DLL
[2010/10/15 21:06:28 | 000,055,136 | ---- | C] () -- C:\WINDOWS\System\LTIMG62W.DLL
[2010/10/15 21:06:28 | 000,054,320 | ---- | C] () -- C:\WINDOWS\System\LTVBX62W.VBX
[2010/10/15 21:06:28 | 000,040,640 | ---- | C] () -- C:\WINDOWS\System\LFTIF62W.DLL
[2010/10/15 21:06:28 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System\LTFIL62W.DLL
[2010/10/15 21:06:28 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System\LTTWN62W.DLL
[2010/10/15 21:06:28 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System\LFBMP62W.DLL
[2010/10/15 21:06:28 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System\LFGIF62W.DLL
[2010/10/15 21:06:28 | 000,004,698 | ---- | C] () -- C:\WINDOWS\System\VRBTD.386
[2010/10/15 21:06:27 | 000,127,023 | ---- | C] () -- C:\WINDOWS\KISS.SCR
[2010/10/15 21:06:27 | 000,000,797 | ---- | C] () -- C:\WINDOWS\KISS.dal
[2010/10/15 21:06:27 | 000,000,576 | ---- | C] () -- C:\WINDOWS\KISS.INI
[2010/10/15 09:30:30 | 056,053,629 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\videoplayback[1].mp4
[2010/10/15 08:46:01 | 000,006,973 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\nirvana-a.jpg
[2010/10/14 19:05:07 | 000,055,829 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\1988-Ford-F25.jpg
[2010/10/14 17:34:27 | 000,194,266 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\youcantguesswhatisinhere.7z
[2010/10/06 14:11:02 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 14:04:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 09:28:10 | 000,000,632 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2010/10/06 09:27:25 | 000,000,106 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010/10/06 08:04:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/04 22:10:08 | 000,043,137 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\2 unlimited - no limit(2).mid
[2010/10/04 22:08:46 | 000,039,049 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\no_limit.mid
[2010/10/04 21:45:12 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Tunatic.lnk
[2010/10/04 21:41:43 | 000,009,096 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\foofle.wav
[2010/10/04 21:27:26 | 000,603,738 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\tgo.wav
[2010/09/29 15:44:34 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\wavpack.exe
[2010/09/29 15:44:09 | 000,034,050 | ---- | C] () -- C:\WINDOWS\System32\CoreWavPack-uninstall.exe
[2010/09/29 15:43:42 | 000,349,972 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\wavpack-4.60.1.zip
[2010/09/29 15:43:35 | 000,106,335 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\CoreWavPack-1.1.1-Setup.exe
[2010/08/30 08:05:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/08/27 22:31:31 | 000,001,115 | ---- | C] () -- C:\WINDOWS\HFVExplorer.INI
[2010/08/27 21:52:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/08/27 21:43:20 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdenable.sys
[2010/08/23 12:23:07 | 000,000,508 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/08/17 17:12:15 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/08/16 13:38:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\maketerr.ini
[2010/08/16 12:16:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/16 12:00:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\BasiliskII.ini
[2010/08/16 11:27:21 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 09:29:54 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/08/14 21:34:16 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMAAM2DD.ini
[2010/08/14 21:16:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/14 20:36:07 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\fusioncache.dat
[2010/08/14 17:47:08 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/14 17:19:46 | 000,839,680 | R--- | C] () -- C:\WINDOWS\System32\timiditydrv.dll
[2010/08/13 14:40:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/08/13 14:39:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/08/13 14:37:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/08/13 14:37:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/08/13 09:26:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2003/07/16 12:37:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/05 11:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2010/08/14 20:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/19 16:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/08/28 22:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/18 12:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\GenieSoft
[2010/08/19 14:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Open Watcom
[2010/10/21 15:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Sony Online Entertainment
[2010/09/08 17:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Unity

========== Purity Check ==========



< End of report >

Edited by Printer66, 29 October 2010 - 01:35 PM.
