vundo, slow computer, etc.
Started by terpsteve11, Mar 29 2009 03:27 PM
#1
Posted 29 March 2009 - 03:27 PM
#2
Posted 29 March 2009 - 03:28 PM
Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3
3/29/09 5:07:22 PM
mbam-log-2009-03-29 (17-07-22).txt
Scan type: Quick Scan
Objects scanned: 71749
Time elapsed: 5 minute(s), 42 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 29
Memory Processes Infected:
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\instsp2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papevija.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nagaduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hakoyevi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACbiqhnkda.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAChdkwmtua.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\aoqckrns.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\dcowt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lxdwn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\wicnin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4466308423-0070945547-499842059-0164\service.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temp\ju9p8pjzuv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temp\hgiaisx2i.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\HQDMNK1K\pqz[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\HQDMNK1K\lebcppdde[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\OEE4K143\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\RT5EUCDD\loaderadv563[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Anderson\Local Settings\Temporary Internet Files\Content.IE5\YT0MZLXT\aasuper3[1].htm (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACdojtaxxo.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACeekqydgt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkhylagps.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmpugafwj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmrduwiry.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACcxealtyq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
#3
Posted 29 March 2009 - 03:28 PM
OTListIt logfile created on: 3/29/09 5:20:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.68% Memory free
2.08 Gb Paging File | 1.70 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 30.98 Gb Free Space | 41.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UMDB8RFXC1
Current User Name: Steven Anderson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\ocqkmoc.exe ()
PRC - C:\Program Files\Dtella@UMD\dtella.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\Common Files\NMSAccessU.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (a320raid [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (aac [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aac.sys (Adaptec, Inc.)
DRV - (aarich [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aarich.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Running]) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- c:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Boot | Running]) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (Intel® Corporation)
DRV - (pmxmouse [System | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxps2m [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxps2m.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Symmpi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (EntDrv51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (McAfee, Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.umd.edu/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {2bae58c2-79f9-45d1-a286-81f911301c3a}:1.5.43.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....00102X001US&p="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 15:30:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 15:20:05 | 00,000,000 | ---D | M]
[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions
[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/29 17:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions
[2008/08/26 00:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}
[2008/12/09 20:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/09 13:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/29 21:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/23 15:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]\chrome\mozapps\extensions
[2008/12/05 15:41:33 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aim-search.xml
[2008/02/26 17:16:42 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aolsearch.xml
[2008/12/23 15:15:19 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\ask.xml
[2008/12/22 20:08:39 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\yahoo.xml
[2009/03/28 14:39:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/10/08 11:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/28 15:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/22 11:49:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/22 14:41:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/22 03:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/28 15:19:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 15:19:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 20:38:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 20:38:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/10 18:07:00 | 00,000,928 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2008/09/09 20:38:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 18:22:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 20:38:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 20:38:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 20:38:09 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (380 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [10423] C:\ocqkmoc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dtella.lnk = C:\Program Files\Dtella@UMD\dtella.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Gnutella Turbo\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: macromedia.com ([fpdownload] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} http://www.flyword.c...derword_win.cab (FlyLoader Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/29 17:10:58 | 00,020,480 | ---- | C] () -- C:\lsass.exe
[2009/03/28 15:16:30 | 00,020,480 | ---- | C] () -- C:\lttph.exe
[2009/03/28 15:15:43 | 00,100,590 | ---- | C] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:14:22 | 00,020,480 | ---- | C] () -- C:\ocqkmoc.exe
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/03/26 14:00:45 | 00,611,328 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\UberHour
[2009/03/25 13:35:22 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/25 13:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\ÜberHour
[2009/03/21 18:33:19 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/03/16 22:53:27 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/14 18:40:38 | 14,795,6009 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPowerHour
[2009/03/13 22:13:17 | 00,724,969 | ---- | C] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/10 15:36:15 | 00,487,424 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 14:02:40 | 00,416,256 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:07 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:02 | 00,023,288 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 18:50:36 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/05 16:40:45 | 00,327,680 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 15:57:02 | 00,782,336 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/05 15:07:14 | 00,678,400 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/04 01:56:18 | 02,495,077 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:15 | 01,003,139 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:23 | 00,892,321 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:29:53 | 01,026,024 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:27:54 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 16:34:59 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:28:02 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 15:50:44 | 00,304,692 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\telephoneline.mp3
[2009/03/03 15:48:52 | 21,725,2932 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/03 11:09:24 | 00,804,090 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 04:57:30 | 19,305,84737 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:26:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/02 19:39:22 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:50:02 | 17,530,8609 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\My Documents\Red Kawa
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Application Data\Red Kawa
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/29 17:19:49 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 17:19:49 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 17:19:49 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 17:15:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 17:15:20 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/29 17:15:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 17:15:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 17:15:07 | 16,002,49856 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\ocqkmoc.exe
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\lsass.exe
[2009/03/29 15:13:48 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/03/29 15:09:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\sonobilo
[2009/03/28 17:57:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/28 15:16:42 | 00,100,590 | ---- | M] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:16:31 | 00,020,480 | ---- | M] () -- C:\lttph.exe
[2009/03/28 15:14:58 | 00,000,002 | ---- | M] () -- C:\-1737809793
[2009/03/28 15:14:09 | 00,105,984 | -HS- | M] (ICQ) -- C:\WINDOWS\System32\jopumeti.dll
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 15:22:51 | 00,611,328 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:36:07 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/23 17:00:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 22:58:14 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/16 03:25:50 | 02,906,962 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\benjamincostello_here_comes_the_sun.mp3
[2009/03/14 19:00:38 | 14,795,6009 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:18 | 00,724,969 | ---- | M] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/12 17:59:16 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/12 17:55:45 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Resume2.doc
[2009/03/12 05:54:05 | 00,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 03:02:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 16:40:56 | 00,782,336 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/10 15:38:20 | 00,487,424 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 15:14:54 | 00,416,256 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:08 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:05 | 00,023,288 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 17:18:37 | 00,327,680 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 16:31:05 | 00,678,400 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/05 03:45:23 | 02,495,077 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:25 | 01,003,139 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:31 | 00,892,321 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:30:02 | 01,026,024 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:37:39 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 17:14:37 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 16:55:09 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:26:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/03 11:09:24 | 00,804,090 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 07:05:26 | 19,305,84737 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:22:51 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:58:54 | 17,530,8609 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:47:59 | 21,725,2932 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/02 14:31:40 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 19:02:45 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
< End of report >
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.68% Memory free
2.08 Gb Paging File | 1.70 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 30.98 Gb Free Space | 41.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UMDB8RFXC1
Current User Name: Steven Anderson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\ocqkmoc.exe ()
PRC - C:\Program Files\Dtella@UMD\dtella.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
PRC - c:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Steven Anderson\Desktop\Bug Fixers\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- c:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager [Auto | Running]) -- c:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\Common Files\NMSAccessU.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (a320raid [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (aac [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aac.sys (Adaptec, Inc.)
DRV - (aarich [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aarich.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Running]) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- c:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Boot | Running]) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (Intel® Corporation)
DRV - (pmxmouse [System | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxps2m [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\pmxps2m.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Symmpi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (EntDrv51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (McAfee, Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.umd.edu/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {2bae58c2-79f9-45d1-a286-81f911301c3a}:1.5.43.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....00102X001US&p="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 15:30:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 15:20:05 | 00,000,000 | ---D | M]
[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions
[2008/09/09 20:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/29 17:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions
[2008/08/26 00:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}
[2008/12/09 20:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/09 13:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/29 21:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/23 15:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]
[2008/12/22 20:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven Anderson\Application Data\mozilla\Firefox\Profiles\s0ttj862.default\extensions\[email protected]\chrome\mozapps\extensions
[2008/12/05 15:41:33 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aim-search.xml
[2008/02/26 17:16:42 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\aolsearch.xml
[2008/12/23 15:15:19 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\ask.xml
[2008/12/22 20:08:39 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Application Data\Mozilla\FireFox\Profiles\s0ttj862.default\searchplugins\yahoo.xml
[2009/03/28 14:39:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/10/08 11:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/28 15:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/22 11:49:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/22 14:41:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/22 03:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/28 15:19:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 15:19:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 20:38:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 20:38:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/10 18:07:00 | 00,000,928 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2008/09/09 20:38:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 18:22:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 20:38:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 20:38:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 20:38:09 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (380 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [10423] C:\ocqkmoc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dtella.lnk = C:\Program Files\Dtella@UMD\dtella.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Gnutella Turbo\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: macromedia.com ([fpdownload] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} http://www.flyword.c...derword_win.cab (FlyLoader Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/29 17:10:58 | 00,020,480 | ---- | C] () -- C:\lsass.exe
[2009/03/28 15:16:30 | 00,020,480 | ---- | C] () -- C:\lttph.exe
[2009/03/28 15:15:43 | 00,100,590 | ---- | C] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:14:22 | 00,020,480 | ---- | C] () -- C:\ocqkmoc.exe
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/03/28 14:56:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/03/28 14:56:49 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/03/28 14:56:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/03/26 14:00:45 | 00,611,328 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\UberHour
[2009/03/25 13:35:22 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/25 13:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\ÜberHour
[2009/03/21 18:33:19 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/03/16 22:53:27 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/14 18:40:38 | 14,795,6009 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPowerHour
[2009/03/13 22:13:17 | 00,724,969 | ---- | C] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/10 15:36:15 | 00,487,424 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 14:02:40 | 00,416,256 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:07 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:02 | 00,023,288 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 18:50:36 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/05 16:40:45 | 00,327,680 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 15:57:02 | 00,782,336 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/05 15:07:14 | 00,678,400 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/04 01:56:18 | 02,495,077 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:15 | 01,003,139 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:23 | 00,892,321 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:29:53 | 01,026,024 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:27:54 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 16:34:59 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:28:02 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 15:50:44 | 00,304,692 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\telephoneline.mp3
[2009/03/03 15:48:52 | 21,725,2932 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/03 11:09:24 | 00,804,090 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 04:57:30 | 19,305,84737 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:26:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/02 19:39:22 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:50:02 | 17,530,8609 | ---- | C] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\My Documents\Red Kawa
[2009/03/02 15:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven Anderson\Application Data\Red Kawa
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/29 17:19:49 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 17:19:49 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 17:19:49 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 17:15:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 17:15:20 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/29 17:15:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 17:15:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 17:15:07 | 16,002,49856 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\ocqkmoc.exe
[2009/03/29 17:11:36 | 00,020,480 | ---- | M] () -- C:\lsass.exe
[2009/03/29 15:13:48 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/03/29 15:09:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\sonobilo
[2009/03/28 17:57:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/28 15:16:42 | 00,100,590 | ---- | M] () -- C:\WINDOWS\System32\drivers\a7236f7e.sys
[2009/03/28 15:16:31 | 00,020,480 | ---- | M] () -- C:\lttph.exe
[2009/03/28 15:14:58 | 00,000,002 | ---- | M] () -- C:\-1737809793
[2009/03/28 15:14:09 | 00,105,984 | -HS- | M] (ICQ) -- C:\WINDOWS\System32\jopumeti.dll
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 15:22:51 | 00,611,328 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 7.ppt
[2009/03/25 15:33:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Book1.xls
[2009/03/25 13:36:07 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ÜberHour Beta.lnk
[2009/03/23 17:00:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 22:58:14 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\mikes multiplication ppoint.ppt
[2009/03/16 03:25:50 | 02,906,962 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\benjamincostello_here_comes_the_sun.mp3
[2009/03/14 19:00:38 | 14,795,6009 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\501 - Scott Tenorman Must Die.mp4
[2009/03/13 22:13:35 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour.lnk
[2009/03/13 22:13:18 | 00,724,969 | ---- | M] ( ) -- C:\Documents and Settings\Steven Anderson\My Documents\iPowerHour3_01.exe
[2009/03/12 17:59:16 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\cover letter.doc
[2009/03/12 17:55:45 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Resume2.doc
[2009/03/12 05:54:05 | 00,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 03:02:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 16:40:56 | 00,782,336 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes.mdb
[2009/03/10 15:38:20 | 00,487,424 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\SlopesideBikes(2).mdb
[2009/03/10 15:14:54 | 00,416,256 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 6.ppt
[2009/03/10 10:18:08 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\ferdman.doc
[2009/03/09 16:07:05 | 00,022,553 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass_edited.jpg
[2009/03/09 16:05:05 | 00,586,374 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\glass.bmp
[2009/03/09 02:09:05 | 00,023,288 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\delocated.jpg
[2009/03/05 17:18:37 | 00,327,680 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\BIKERENTALS.mdb
[2009/03/05 16:31:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Desktop\Shortcut to My Documents.lnk
[2009/03/05 16:31:05 | 00,678,400 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Chapter 5.ppt
[2009/03/05 12:13:54 | 01,550,059 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Cornelius.AmbivalentReception.pdf
[2009/03/05 03:45:23 | 02,495,077 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Street Fighter 2 Plus Champion Edition (J) [!].zip
[2009/03/04 01:52:25 | 01,003,139 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 98 (U) [h3].zip
[2009/03/04 00:54:31 | 00,892,321 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Tecmo Super Bowl 3 Final Edition (U) [a1][x].zip
[2009/03/04 00:30:02 | 01,026,024 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\NHL 97 (F) [!].zip
[2009/03/03 17:37:39 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\studentDB1.mdb
[2009/03/03 17:14:37 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\bmgt301-0601_assign1a_anderson_steven.xls
[2009/03/03 16:55:09 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Scenario Report.xls
[2009/03/03 16:26:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\assignment.xls
[2009/03/03 11:09:24 | 00,804,090 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Delgado.%20Mujeres%20in%20College.pdf
[2009/03/03 11:09:06 | 02,042,904 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Latinao%20Undergraduate%20Experiences%20in%20Higher%20Education.pdf
[2009/03/03 07:05:26 | 19,305,84737 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Fear and Loathing in Las Vegas.mp4
[2009/03/03 01:22:51 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\Assignment-VersionA-WorkBook.xls
[2009/03/02 15:58:54 | 17,530,8609 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\S08E10 - The Springfield Files.mp4
[2009/03/02 15:47:59 | 21,725,2932 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\My Documents\The City Of New York Vs. Homer Simpson.mp4
[2009/03/02 14:31:40 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Steven Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 19:02:45 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
< End of report >